Siemens ST PCS 7 User Manual

Communication
Industrial Security
Industrial Security components
9/34
Siemens ST PCS 7 · November 2007
Overview
The SCALANCE S industrial security modules can safeguard industrial systems/devices or network segments of an Ethernet against unauthorized access by means of a firewall. Some of them, e.g. SCALANCE S612 and S613, additionally use encryption and authentication (VPN) to protect the data transmission between systems/devices or network segments against data manipulation and espionage.
Design
SCALANCE S industrial security modules
The following SCALANCE S industrial security modules can be used in the context of the SIMATIC PCS 7 security concept:
• SCALANCE S602 industrial security module with firewall functionality
• SCALANCE S612 industrial security module with firewall functionality and VPN (Virtual Private Network) functionality for up to 32 devices (up to 64 simultaneous VPN tunnels)
• SCALANCE S613 industrial security module with firewall functionality and VPN (Virtual Private Network) functionality for up to 64 devices (up to 128 simultaneous VPN tunnels); suitable for extended temperature range from -20 to +70 °C.
Security functions of the SCALANCE S industrial security modules
• Firewall functionality (S602, S612 and S613)
- Filtering of data packets as well as enabling or blocking of communication links on the basis of filter lists (packet filter firewall); IP and MAC addresses can be filtered, as well as communication protocols (ports) with incoming and outgoing communication.
- Saving of access data in a log file; for verification purposes and for recognition of attacks and derivation of preventive measures.
• VPN functionality (S612 and S613)
- Secure authentication (identification) of the network nodes through monitoring and checking the incoming data traffic using proven VPN mechanisms.
- Data encryption and data integrity checking for protection against espionage and data manipulation; establishment of VPN tunnels to other security modules.
Configuration
Using the supplied configuration tool, it is easy to create and configure the security modules which are to communicate securely with one another. You do not require any special IT knowledge.
The complete configuration can be saved on the optional swap medium C-PLUG (order separately) and transmitted to another security module. This permits easy and fast replacement of modules in the event of a fault.
B) Subject to export regulations: AL: N, ECCN: EAR99H
F) Subject to export regulations: AL: N, ECCN: 5D002ENC3
Note: For further components and accessories, especially cable material and connectors as well as tools and supplementary material for assembly, refer to pages 9/23, 9/25 and 9/26 as well as to Catalog IK PI.
Selection and Ordering Data
SCALANCE S industrial security modules
• SCALANCE S602
Industrial security module for protection against unauthorized access by means of Stateful Inspection Firewall
Order No. 6GK5 602-0BA00-2AA3 F)
• SCALANCE S612
Industrial security module for protection against unauthorized access by means of Stateful Inspection Firewall as well as for protection of up to 32 devices per VPN tunnel (up to 64 VPN tunnels simultaneously)
Order No. 6GK5 612-0BA00-2AA3 F)
• SCALANCE S613
Industrial security module for protection against unauthorized access by means of Stateful Inspection Firewall as well as for protection of up to 64 devices per VPN tunnel (up to 128 VPN tunnels simultaneously); suitable for extended temperature range from -20 to +70 °C
Order No. 6GK5 613-0BA00-2AA3 F)
Accessories
• C-PLUG
Swap medium for simple replacement of devices in event of fault; for saving of configuration and application data, can be used in SIMATIC NET products with C-PLUG slot
Order No. 6GK1 900-0AB00 B)
© Siemens AG 2007