General security measures
Observe the general security measures even within protection zones, for example:
● Virus scanners (Page 31)
● Reduction of attack points (Page 31)
Network segmentation with SCALANCE S
Siemens provides SCALANCE S security modules to meet network protection and network
segmentation requirements.
SCALANCE S security modules
SCALANCE S security modules with Security Integrated provide:
● Stateful inspection firewall
In order to implement user-specific control and logging, firewall rules can also be specified
that only apply to certain users.
● VPN via IPsec (data encryption and authentication)
This establishes a secure tunnel between authenticated users; data sent through the tunnel
cannot be intercepted or manipulated. The most important aspect is the protection against
external access via the Internet.
● NAT/NAPT (address translation)
● Router functionality (PPPoE, DDNS) for broadband Internet access (DSL, cable)
● The S623, with an additional VPN port (DMZ), enables the secure connection of an additional
network for service and remote maintenance purposes. The S623 also permits the secure,
redundant connection of subordinate networks by means of router and firewall redundancy.
Principle
This application example shows cell segmentation using several SCALANCE S modules, each
of which is placed upstream of an automation cell. The data traffic to and from the devices
within the automation cells can be filtered and controlled with the SCALANCE S firewall. If
required, the traffic between the cells can be encrypted and authenticated. Secure channels
and client access from the PCs to the cells can be established via SOFTNET Security Client,
the VPN client software for PCs.
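The following is an added example, not part of the Siemens manual and not SCALANCE S configuration syntax: a short Python audit that checks observed connections against a cell segmentation policy of the kind described above. The subnets, zone names, rules and flow records are constructed assumptions.

```python
import ipaddress

# Constructed topology: each automation cell sits behind its own firewall module.
CELLS = {
    "cell_a": ipaddress.ip_network("192.168.10.0/24"),
    "cell_b": ipaddress.ip_network("192.168.20.0/24"),
    "office": ipaddress.ip_network("10.0.0.0/16"),
}

# Constructed allow-list: (source zone, destination zone, protocol,
# destination port, True if the flow must run inside a VPN tunnel).
POLICY = [
    ("office", "cell_a", "tcp", 102, True),
    ("cell_a", "cell_b", "tcp", 102, True),
    ("cell_b", "cell_a", "udp", 123, False),
]

# Constructed flow records. Each record is a connection initiation; with a
# stateful firewall the reply traffic needs no rule of its own.
SAMPLE_FLOWS = [
    {"src": "10.0.5.20", "dst": "192.168.10.5", "proto": "tcp", "dport": 102, "vpn": True},
    {"src": "192.168.10.5", "dst": "192.168.20.7", "proto": "tcp", "dport": 102, "vpn": False},
    {"src": "192.168.10.5", "dst": "192.168.10.9", "proto": "tcp", "dport": 502, "vpn": False},
    {"src": "203.0.113.8", "dst": "192.168.20.7", "proto": "tcp", "dport": 80, "vpn": False},
    {"src": "192.168.20.7", "dst": "192.168.10.5", "proto": "udp", "dport": 123, "vpn": False},
]

def zone_of(addr):
    """Map an IP address to its cell; anything unknown counts as external."""
    ip = ipaddress.ip_address(addr)
    for name, net in CELLS.items():
        if ip in net:
            return name
    return "external"

def audit(flows):
    """Return (src, dst, reason) for every flow that violates the policy."""
    findings = []
    for f in flows:
        src, dst = zone_of(f["src"]), zone_of(f["dst"])
        if src == dst:
            continue  # intra-cell traffic never crosses the cell firewall
        key = (src, dst, f["proto"], f["dport"])
        rule = next((r for r in POLICY if r[:4] == key), None)
        if rule is None:
            findings.append((f["src"], f["dst"], "not permitted between zones"))
        elif rule[4] and not f["vpn"]:
            findings.append((f["src"], f["dst"], "permitted only inside a VPN tunnel"))
    return findings
```

Running `audit(SAMPLE_FLOWS)` reports the unencrypted cell-to-cell connection and the connection from an external address, and passes the other three flows.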
Industrial security
2.3 General security measures
SIMOTION P320-4 E / P320-4 S
Manual, 03/2018, A5E36004933B
29