User's Manual

ManualsBrandsSiemens ManualsWelding SystemSiemens Welding System ST PCS 7

161

162

163

164

165

166

167

168

169

170

Communication

Industrial Security

Introduction

9/33

Siemens ST PCS 7 · November 2007

■

Overview

Example of "defense in depth" security architecture

The progressive standardization, opening and networking of

control systems has been accompanied by an enormous in-

crease in security risks. The potential dangers arising from de-

structive programs such as computer viruses, worms or trojans

or from access by unauthorized personnel range from network

overloads or failures, theft of passwords and data, to unautho-

rized access to the process automation. Apart from material

damage, specifically targeted sabotage can also have danger-

ous consequences for people and the environment.

■

Function

With its pioneering security concept, SIMATIC PCS 7 offers com-

prehensive solutions for safeguarding a process engineering

plant that are based on a hierarchical security architecture (de-

fense in depth). The special feature of this concept is its inte-

grated approach. It is not just restricted to the use of individual

security methods (e.g. encryption) or devices (e.g. firewalls). Its

strengths lie more in the interaction of a host of security mea-

sures in the plant network. The security concept is described in

detail in the manual "SIMATIC PCS 7 recommendations and in-

formation", and comprises advice and recommendations (best

practices) on the following topics:

• Creation of a network architecture with defense in depth, com-

bined with the segmentation of the plant into security cells

• Network administration with name resolution, assignment of

IP addresses and division into subnetworks

• Operation of plants in Windows domains (active directory)

• Administration of the Windows and SIMATIC PCS 7 operator

privileges; integration of the SIMATIC PCS 7 operator privi-

leges into the Windows administration

• Reliable control of the clock synchronization in the Windows

network

• Management of security patches for Microsoft products

• Use of antivirus software and firewalls

• Support and remote access (VPN, IPSec)

On the system side, SIMATIC PCS 7 V7.0 supports the imple-

mentation of guidelines and recommendations of the security

concept by means of:

• Compatibility with the current versions of the antivirus soft-

ware: Trend Micro OfficeScan, Symantec Norton AntiVirus and

McAfee Virusscan

• Application of the local Windows XP firewall

• SIMATIC security control (SSC) for automatic setting of safety-

related parameters of DCOM, registry and Windows firewall

during the setup

• User administration and authentication by means of SIMATIC

Logon

• Integration of the SCALANCE S602, S612 and S613 industrial

security modules of SIMATIC NET

The manual "SIMATIC PCS 7 Security Concept, Recommenda-

tions and Advice" is available on the Internet via the SIMATIC

Guide for Technical Documentation under "SIMATIC PCS 7

Process Control Systems & Migration".

You can find the SIMATIC Guide for Technical Documentation on

the Internet.

Additional information is available in the Internet under:

http://www.siemens.com/simatic-docu

INTERNET

Plant bus 1

Terminal bus 1 (OS-LAN) Terminal bus 2 (OS-LAN)

Plant bus 2

Security cell

Firewall

Firewall Firewall

Security cell

Manufacturing Execution

System (MES)

Enterprise Resource

Planning (ERP)