Siemens Welding System ST PCS 7 사용자 설명서
Communication
Industrial Security
Industrial Security components
9/34
Siemens ST PCS 7 · November 2007
9
■
Overview
The SCALANCE S industrial security modules can safeguard in-
dustrial systems/devices or network segments of an Ethernet
against unauthorized access by means of a firewall. Some of
them, e.g. SCALANCE S612 and S613, additionally use encryp-
tion and authentication (VPN) to protect the data transmission
between systems/devices or network segments against data
manipulation and espionage.
■
Design
SCALANCE S industrial security modules
The following SCALANCE S industrial security modules can be
used in the context of the SIMATIC PCS 7 security concept:
• SCALANCE S602 industrial security module
• SCALANCE S602 industrial security module
with firewall functionality
• SCALANCE S612 industrial security module
with firewall functionality and VPN (Virtual Private Network)
functionality for up to 32 devices (up to 64 simultaneous VPN
tunnels)
• SCALANCE S613 industrial security module
with firewall functionality and VPN (Virtual Private Network)
functionality for up to 64 devices (up to 128 simultaneous VPN
tunnels); suitable for extended temperature range from -20 to
+70 °C.
Security functions of the SCALANCE S industrial security mod-
ules
• Firewall functionality (S602, S612 and S613)
• Firewall functionality (S602, S612 and S613)
- Filtering of data packets as well as enabling or blocking of
communication links on the basis of filter lists (packet filter
firewall); IP and MAC addresses can be filtered, as well as
communication protocols (ports) with incoming and outgo-
ing communication.
- Saving of access data in a log file; for verification purposes
and for recognition of attacks and derivation of preventive
measures.
• VPN functionality (S612 and S613)
- Secure authentication (identification) of the network notes
through monitoring and checking the incoming data traffic
using proven VPN mechanisms.
- Data encryption and data integrity checking for protection
against espionage and data manipulation; establishment of
VPN tunnels to other security modules
Configuration
Using the supplied configuration tool, it is easy to create and
configure the security modules which are to communicate se-
curely with one another. You do not require any special
IT knowledge.
The complete configuration can be saved on the optional swap
The complete configuration can be saved on the optional swap
medium C-PLUG (order separately) and transmitted to another
security module. This permits easy and fast replacement of
modules in the event of a fault.
B) Subject to export regulations: AL: N, ECCN: EAR99H
F) Subject to export regulations: AL: N, ECCN: 5D002ENC3
Note
:
connectors as well as tools and supplementary material for assembly, re-
fer to page 9/23, 9/25 and 9/26 as well as to Catalog IK PI.
■
Selection and Ordering Data
Order No.
SCALANCE S industrial security modules
SCALANCE S602
Industrial security module for
protection against unauthorized
access by means of Stateful
Inspection Firewall
6GK5 602-0BA00-2AA3
F)
SCALANCE S612
Industrial security module for
protection against unauthorized
access by means of Stateful
Inspection Firewall as well as for
protection of up to 32 devices per
VPN tunnel (up to 64 VPN tunnels
simultaneously)
6GK5 612-0BA00-2AA3
F)
SCALANCE S613
Industrial security module for
protection against unauthorized
access by means of Stateful
Inspection Firewall as well as for
protection of up to 64 devices per
VPN tunnel (up to 128 VPN tun-
nels simultaneously); suitable for
extended temperature range from
-20 to +70° C
6GK5 613-0BA00-2AA3
F)
Accessories
C-PLUG
Swap medium for simple replace-
ment of devices in event of fault;
for saving of configuration and
application data, can be used in
SIMATIC NET products with
C-PLUG slot
6GK1 900-0AB00
B)
© Siemens AG 2007