Physical production security
The production's physical security can be ensured, for example, via the following measures:
● Separate access control for critical areas, such as production areas
● Installation of critical components in lockable control cabinets / switching rooms including monitoring and alarm signaling options
● Configuration of the radio field to restrict the WLAN range so that it is not available outside the defined areas (e.g. factory building).
● Guidelines that prevent the use in systems of third-party data storage media (e.g. USB flash drives) and IT devices (e.g. notebooks) that are classified as insecure.
Further information
Further information on integrated Siemens security solutions can be found on the Siveillance page (http://www.buildingtechnologies.siemens.com/bt/global/en/security-solution/Pages/security-solution.aspx).
4.2 Network security
Network security includes all measures taken to plan, implement and monitor security in
networks. This includes the control of all interfaces, e.g. between the office network and plant
network, or remote maintenance access via the Internet.
4.2.1 Network segmentation
4.2.1.1 Separation between production and office networks
One important protective measure for your automation or drive system is the strict separation
of the production networks and the other company networks. This separation creates
protection zones for your production networks.
Note
The products described in this manual must only be operated in defined protection zones.
Separation by means of a firewall system
In the simplest scenario, separation is achieved by means of an individual firewall system
which controls and regulates communication between networks.
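The following added example (not part of the Siemens manual) models such a single firewall between an office network and a plant network as a first-match rule list and audits it for rules that weaken the protection zone. The address ranges, ports, rule set and the names decide and audit are constructed assumptions for illustration.

```python
import ipaddress as ip

# Constructed example zones (assumptions, not taken from the manual).
OFFICE = ip.ip_network("10.10.0.0/16")
PLANT = ip.ip_network("192.168.100.0/24")   # the protection zone
ANY = ip.ip_network("0.0.0.0/0")

# Constructed first-match rule set: (action, source, destination, TCP port).
# A port of None means "any port".
RULES = [
    ("allow", ip.ip_network("10.10.5.20/32"), ip.ip_network("192.168.100.10/32"), 4840),
    ("allow", OFFICE, PLANT, None),   # too broad: whole office, every port
    ("allow", ANY, PLANT, 443),       # source reaches beyond the office zone
    ("allow", PLANT, OFFICE, 514),    # outbound from the plant, not audited here
]

def decide(rules, src, dst, port):
    """Model of a default-deny firewall: the first matching rule wins."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, rsrc, rdst, rport in rules:
        if s in rsrc and d in rdst and rport in (None, port):
            return action
    return "deny"

def audit(rules):
    """Return (rule number, problem) for allows that weaken the plant zone."""
    findings = []
    for n, (action, rsrc, rdst, rport) in enumerate(rules, 1):
        if action != "allow" or not rdst.overlaps(PLANT):
            continue  # only allows leading into the plant zone matter here
        if rsrc.subnet_of(PLANT):
            continue  # traffic inside the zone does not cross the firewall
        if not rsrc.subnet_of(OFFICE):
            findings.append((n, "source not limited to the office network"))
        if rport is None:
            findings.append((n, "all ports open into the plant network"))
        elif rsrc.num_addresses > 1 and rdst.num_addresses > 1:
            findings.append((n, "network-to-network rule, name the hosts"))
    return findings

if __name__ == "__main__":
    for rule_no, problem in audit(RULES):
        print(f"rule {rule_no}: {problem}")
    # With rule 2 in place, any office host reaches the controller on any port.
    print(decide(RULES, "10.10.7.7", "192.168.100.10", 102))
```

With only the host-to-host rule and the outbound rule left in the list, the same office host is denied and the audit returns no findings.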
General security measures
Industrial Security
Configuration Manual, 08/2017, A5E36912609A 21