Application and functions
1.6 Security functions (CP 1542SP-1 IRC, CP 1543SP-1)
CP 1542SP-1, CP 1542SP-1 IRC, CP 1543SP-1
16 Operating Instructions, 01/2017, C79000-G8976-C426-03
●
Secure telecontrol communication
The telecontrol protocols provide the following Security functions:
– TeleControl Basic
As an integrated security function, the telecontrol protocol encrypts the data for
transfer between the CP and telecontrol server. The interval for the key exchange
between CP and telecontrol server is set to 1 hour.
The telecontrol password is used to authenticate the CP with the telecontrol server
– DNP3
The CP supports the Security mechanisms listed in the specification.
Security functions of the CP 1543SP-1
With Industrial Ethernet Security, individual devices, automation cells or network segments
of an Ethernet network can be protected. The data transfer via the CP 1543SP-1 can be
protected from the following attacks by a combination of different security measures:
● Data espionage
● Data manipulation
● Unauthorized access
Secure underlying networks can be operated via additional Ethernet/PROFINET interfaces of
the CPU.
As a result of using the CP, as a security module, the following security functions are
accessible to the ET 200SP station on the interface to the Ethernet network:
●
The firewall protects the device with:
– IP firewall with stateful packet inspection (layer 3 and 4)
– Firewall also for "non-IP" Ethernet frames according to IEEE 802.3 (layer 2)
– Limitation of the transmission speed ("Bandwidth limitation")
●
For the secure authentication of the communications partners, certificates are used.
●
Communication made secure by IPsec tunnels (VPN)
VPN tunnel communication allows the establishment of secure IPsec tunnels for
communication with one or more security modules. The CP can be put together with
other modules to form VPN groups during configuration. IPsec tunnels (VPN) are created
between all security modules of a VPN group.
●
To allow monitoring, events can be stored in log files that can be read out using the
configuration tool or can be sent automatically to a Syslog server.
●
For secure transfer during time-of-day synchronization
To Next Page
Loading...
Need help?
General
