Security Features Of The 7Kn Powercenter 3000 - Siemens SENTRON 7KN POWERCENTER 3000 Manual


4.7.1 Security features of the 7KN POWERCENTER 3000

• Signed firmware: The 7KN Powercenter 3000 can only be operated with firmware signed
by SIEMENS. This makes operation with corrupted or manipulated firmware impossible.
Downgrading to firmware that may be faulty is not possible either.
• IP filter: On the 7KN Powercenter 3000, up to 5 different privileged IP addresses or IP
subnets, the so-called Firewall Whitelist, can be selected. If this option is used, any IP
address, IP address range or subnet that is not entered in the Firewall Whitelist is
excluded from communication.
Note
An individual IP address is entered in CIDR notation (Classless Inter-Domain Routing) as
xxx.xxx.xxx.xxx/32, e.g. 192.168.10.15/32.
An IP subnet is entered as xxx.xxx.xxx.xxx/24, e.g. for the IP address range
192.168.10.1 to 192.168.10.254.
If more than 5 explicit IP addresses are required, the applications (= IP addresses) can be
grouped together into one IP subnet (IP address range), which is then specified.
• Secure MindSphere communication: With the secure login process defined for
MindSphere and the exchange of electronic keys defined for this, communication with
MindSphere is encrypted. Communication with MindSphere can only be initiated from the
7KN Powercenter 3000 and not the reverse.
• Selectable TCP ports: Spying and analysis of the communication is typically performed by
identification of the ports. If attacks of this kind are possible, another port can be chosen.
The port must be adapted on both communication partners.
• Encrypted communication with MindSphere and other clouds.
• Services that are not required: Every service is a point of attack, so services that are
currently not used should be deactivated.
– Identification service can be deactivated. The 7KN Powercenter 3000 can then not be
located and identified via the interface with powerconfig.
– Modbus TCP gateway can be deactivated or not started automatically. 7KN
Powercenter 3000 can then no longer be used as a Modbus TCP gateway by other
applications such as powermanager or powerconfig.
– Web user interface can be deactivated. The 7KN Powercenter 3000 can then not be
accessed via the interface with web browsers and no longer manipulated via "Settings".
• Write protection for the web user interface on the external interface X1P1: For the
web user interface on the external Ethernet interface X1P1, write protection can be
deactivated / activated with Settings → General, in the area "External Communication
(X1P1)" of the Web server. Write protection is activated on delivery.
• Security tests: The 7KN Powercenter 3000 is regularly subjected to security tests.
Vulnerabilities are continuously remedied.
7KN POWERCENTER 3000
Equipment Manual, 07/2020, L1V30579222003-03
Installing, connecting, commissioning
4.7 Security features
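
The IP filter note above says that more than 5 clients must be grouped into subnets. The following is an added planning example, not part of the Siemens manual: it reduces a list of client addresses to at most 5 CIDR entries and counts how many unintended addresses the grouping also admits. The client addresses are constructed sample data and all function names are hypothetical; the result still has to be entered on the device by hand.

```python
import ipaddress

MAX_ENTRIES = 5  # per the manual: up to 5 privileged addresses or subnets


def common_supernet(a, b):
    """Smallest network that contains both a and b."""
    net = a
    while not b.subnet_of(net):
        net = net.supernet()
    return net


def plan_whitelist(hosts, max_entries=MAX_ENTRIES):
    """Cover every host with at most max_entries CIDR entries, widening as little as possible."""
    nets = list(ipaddress.collapse_addresses(
        ipaddress.IPv4Network(f"{h}/32") for h in hosts))
    while len(nets) > max_entries:
        # In sorted order the pair sharing the longest prefix is always adjacent,
        # so the tightest possible merge is found among neighbouring entries.
        tightest = max((common_supernet(a, b) for a, b in zip(nets, nets[1:])),
                       key=lambda n: n.prefixlen)
        nets = list(ipaddress.collapse_addresses(nets + [tightest]))
    return nets


def extra_addresses(nets, hosts):
    """Addresses admitted by the whitelist beyond the intended hosts
    (network and broadcast addresses of each subnet are counted too)."""
    return sum(n.num_addresses for n in nets) - len(set(hosts))


def is_allowed(ip, nets):
    """True if ip falls inside any whitelist entry."""
    return any(ipaddress.IPv4Address(ip) in n for n in nets)


# Constructed sample: seven clients that need access, two more than the entry limit.
CLIENTS = ["192.168.10.15", "192.168.10.16", "192.168.10.17", "192.168.10.40",
           "192.168.10.200", "192.168.20.5", "10.0.0.7"]

if __name__ == "__main__":
    plan = plan_whitelist(CLIENTS)
    for entry in plan:
        print(entry)
    print("unintended addresses admitted:", extra_addresses(plan, CLIENTS))
```

Every address counted as unintended is a host that passes the filter without being a planned client, so a plan with a large count is a reason to renumber the clients into a tighter range rather than widen the subnet.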