© Siemens AG 2007

Communication

Industrial Security

Industrial Security components

Configuration

Overview

Using the supplied configuration tool, it is easy to create and configure the security modules which are to communicate se- curely with one another. You do not require any special

IT knowledge.

The complete configuration can be saved on the optional swap medium C-PLUG (order separately) and transmitted to another security module. This permits easy and fast replacement of modules in the event of a fault.

The SCALANCE S industrial security modules can safeguard in- dustrial systems/devices or network segments of an Ethernet against unauthorized access by means of a firewall. Some of them, e.g. SCALANCE S612 and S613, additionally use encryp- tion and authentication (VPN) to protect the data transmission between systems/devices or network segments against data manipulation and espionage.

Design

SCALANCE S industrial security modules

The following SCALANCE S industrial security modules can be

9used in the context of the SIMATIC PCS 7 security concept:

SCALANCE S602 industrial security module with firewall functionality

SCALANCE S612 industrial security module

with firewall functionality and VPN (Virtual Private Network) functionality for up to 32 devices (up to 64 simultaneous VPN tunnels)

SCALANCE S613 industrial security module

with firewall functionality and VPN (Virtual Private Network) functionality for up to 64 devices (up to 128 simultaneous VPN tunnels); suitable for extended temperature range from -20 to +70 °C.

Security functions of the SCALANCE S industrial security mod- ules

Firewall functionality (S602, S612 and S613)

-Filtering of data packets as well as enabling or blocking of communication links on the basis of filter lists (packet filter firewall); IP and MAC addresses can be filtered, as well as communication protocols (ports) with incoming and outgo- ing communication.

-Saving of access data in a log file; for verification purposes and for recognition of attacks and derivation of preventive measures.

VPN functionality (S612 and S613)

-Secure authentication (identification) of the network notes through monitoring and checking the incoming data traffic using proven VPN mechanisms.

-Data encryption and data integrity checking for protection against espionage and data manipulation; establishment of VPN tunnels to other security modules

 

 

 

 

Selection and Ordering Data

Order No.

 

 

 

 

SCALANCE S industrial security modules

 

 

 

 

 

SCALANCE S602

6GK5 602-0BA00-2AA3

F)

Industrial security module for

 

 

protection against unauthorized

 

 

access by means of Stateful

 

 

Inspection Firewall

 

 

 

SCALANCE S612

6GK5 612-0BA00-2AA3

F)

 

Industrial security module for

 

 

 

protection against unauthorized

 

 

 

access by means of Stateful

 

 

 

Inspection Firewall as well as for

 

 

 

protection of up to 32 devices per

 

 

 

VPN tunnel (up to 64 VPN tunnels

 

 

 

simultaneously)

 

 

 

SCALANCE S613

6GK5 613-0BA00-2AA3

F)

 

Industrial security module for

 

 

 

protection against unauthorized

 

 

 

access by means of Stateful

 

 

 

Inspection Firewall as well as for

 

 

 

protection of up to 64 devices per

 

 

 

VPN tunnel (up to 128 VPN tun-

 

 

 

nels simultaneously); suitable for

 

 

 

extended temperature range from

 

 

 

-20 to +70° C

 

 

 

Accessories

 

 

 

C-PLUG

6GK1 900-0AB00

B)

 

Swap medium for simple replace-

 

 

ment of devices in event of fault; for saving of configuration and application data, can be used in SIMATIC NET products with C-PLUG slot

B) Subject to export regulations: AL: N, ECCN: EAR99H

F) Subject to export regulations: AL: N, ECCN: 5D002ENC3

Note:

For further components and accessories, especially cable material and connectors as well as tools and supplementary material for assembly, re- fer to page 9/23, 9/25 and 9/26 as well as to Catalog IK PI.

9/34

Siemens ST PCS 7 · November 2007

Page 162
Image 162
Siemens ST PCS 7 manual Industrial Security components, Configuration, Scalance S industrial security modules