Siemens Integrated Security Functions

Wednesday, May 30, 2012 @ 03:05 PM gHale


New versions of Siemens Simatic NET CP 343-1 Advanced and Simatic NET CP 443-1 components with integrated security functions could enable companies to enhance the security of their networks.

These processors contain a firewall, as well as a VPN function (Virtual Private Network), which provides secure access to the Simatic S7-300 and S7-400 controller series.

Industrial PCs can also get a firewall and VPN client via the Simatic NET CP 1628 module. The security module Scalance S623 is also new; with an additional DMZ port for service access, as is the UMTS router Scalance M875 for secure access to plant units via a 3G cellular network using UMTS.

Through its Security Integrated product portfolio, Siemens has network components that provide extended security features. The Simatic NET CP 343-1 Advanced and Simatic NET CP 443-1 Advanced communications processors with extended functional scope enable connection to the S7-300 or S7-400 controllers via VPN. It is possible to define more detailed security settings and access rights via the integrated firewall. Through this function, the communications processors secure access across the entire plant network. The integrated switch also supports secure connection of the lower-level controllers and HMI and I/O devices.

The Security Integrated range includes the new Simatic NET CP 1628 module for industrial PCs. It supports secure connection of industrial PCs to the network via a VPN and firewall. Computers equipped with the module can connect to protected cells. It is also possible to access an industrial PC with an integral CP 1628 using the Softnet Security Client application over the Internet or a company-internal network via remote access.

Two more new products in the security portfolio of the Industry Automation Division are the security module Scalance S623 and the UMTS router Scalance M875. With the Scalance S623, the thoroughly revised range of Scalance S modules is supplemented by a variant with a DMZ port (Demilitarized Zone). This port opens up a separate and, if required, restricted access point to the network for service access. A DSL modem can connect to the DMZ port for service work via remote access. In the case of Scalance M875, this is a UMTS router with integrated security functions. The router works with secure communication to and from distributed automation cells via VPN, such as the supply stations of a water utility company or mobile plants that have centralized monitoring or undergoes remote control from a control center.

Because of the increased use of Ethernet connections penetrating the field level, security issues are gaining in importance in industry. For comprehensive plant protection, there must be a variety of different measures implemented. These range from the company organization and guidelines regarding protective measures for PC and control systems through to protection of automation cells by segmenting the network.



Leave a Reply

You must be logged in to post a comment.