Simatic Net Products For Network Security - Siemens SIMATIC NET System Manual

Network structures and network configuration
2.4 Network security
2.4.6

SIMATIC NET products for network security

SIMATIC NET provides the user with a complete range of high-performance hardware and
software components to protect individual devices or an entire network against the following
impairments:
● Data manipulation, i.e. violation of the integrity
● Espionage
● Forged addressing (IP spoofing), i.e. violation of the authenticity
● Overload (denial of service) as an accidental or deliberate effect on a target system.
If remote access using mobile wireless is part of the infrastructure, it, too, can be protected.
Security functions
The SIMATIC NET products have proven security functions. Which of the security
mechanisms are supported by the individual devices and details of the configuration limits
can be found in the relevant product documentation.
● IP firewall with stateful packet inspection (layer 3 and 4)
● Firewall also for Ethernet "non-IP" frames according to IEEE 802.3 (layer 2)
● Bandwidth limitation
● Global and user-specific firewall rules
● Secure communication with VPN protocols
● Logging (storage of events in log files)
● NTP (secure) for secure time-of-day synchronization and transmission
● SNMPv3 for secure transmission of network analysis information safe from
eavesdropping
● User authentication
● Secure communication protocols such as HTTPS and SSH
SCALANCE S
As a firewall, the Industrial Security Appliances SCALANCE S protect the secured devices
against access from the outside. In addition to the security functions described in the
previous section, the SCALANCE S devices have a DHCP server and a NAT/NAPT router.
The following devices are available:
● SCALANCE S615
● SCALANCE SC632-2C
● SCALANCE SC636-2C
● SCALANCE SC642-2C
● SCALANCE SC646-2C
104
System Manual, 09/2019, C79000-G8976-C242-10
Industrial Ethernet