This entry provides an overview of:
The growing networking of industrial plants increases productivity. At the same time, however, IT security risks increase likewise, which must be tackled with appropriate protective mechanisms for Industrial Security. It is essential here to have an overall perception that includes both technical measures and staff training as well as the definition of guidelines and processes. This is necessary to achieve optimum security and ensure secure operation of the plant.
More information about technical solutions and our service offering for industrial security is available in the internet at:
Applications & Tools
The Applications & Tools below provide information on the topic of "Industrial Security".
|Applications & Tools
|Security with SIMATIC NET
||This application provides an overview of possible security configurations in the Local Area Network (LAN) and WAN (Wide Area Network) with SCALANCE S61x modules and the SOFTNET security client.
|Industrial Security with SCALANCE S modules via IPSec VPN tunnel (Configuration 4)
||These applications show safe teleservicing with SCALANCE S via a Virtual Private Network (VPN).
|Secure remote access to SIMATIC stations via Internet and EGPRS router MD741-1 and SCALANCE S612 (Configuration 9)
|Protection of an automation cell by the Security Module SCALANCE S602 via firewall (bridge/routing) (Configuration 5)
||This application shows the configuration of a secure automation cell with SCALANCE S firewall.
|SINAUT ST7 Telecontrol sample configurations in Ethernet, secure Internet and (E)GPRS environment (Configuration 8)
||This application shows the configuration of secure internet connections for Telecontrol stations with SINAUT ST7
|User login on the operator panel via HMI-RFI
||This application shows how to carry out a secure user login on an operator panel with an HMI-RFI (card reader).
|Diagnostics and teleservicing of SIMATIC Industry PCs
||This application shows you how to use the teleservicing option with SIMATIC Industry PCs and the integrated Intel AMT technology.
Microsoft Security Updates
The entries below provide information about using Microsoft Security Updates together with WinCC, PCS 7, SIMOTION and SINUMERIK.
||Which Microsoft Security Patches are released for use with SIMATIC WinCC?
||Which Microsoft Security Patches have been tested for compatibility with SIMATIC PCS 7?
||SIMOTION P350: Compatibility of Microsoft security patches
||SINUMERIK 810D/840Di/840D: Compatibility of Microsoft security patches with SINUMERIK PCU 50/70
The manuals and entries below provide information about virus protection for PCS 7 and SINUMERIK.
||Entry or manual title
|STEP 7 V5.3, V5.4 and V5.5.
||Which virus scanner versions can you use for STEP 7 V5.3, V5.4 and V5.5?
|Trend Micro Office Scan
||SIMATIC Process Control System PCS 7 Configuration Trend Micro Office Scan V7.3 incl. Patch 2
|Configuration Trend Micro OfficeScan V8.0
||SIMATIC Process Control System PCS 7 Configuration Symantec AntiVirus V10.2
|Symantec Endpoint Protection
||SIMATIC Process Control System PCS 7 Configuration Symantec Endpoint Protection 11.0
||SIMATIC Process Control System PCS 7 Configuration McAfee VirusScan (V8.5; V8.5i; V8.7)
||Notes on virus protection for SINUMERIK 840D sl / 840Di sl
Whitelisting Protection Mechanisms
The entries below provide information about using whitelisting protection mechanisms with SIMATIC products.
|STEP 7 V5.5
||Using whitelisting protection mechanisms with SIMATIC products
|PCS7 V7.1 + SP2|
|WinCC V7.0 + SP1|
|WinCC V7.0 + SP2|
|WinCC flexible 2008 + SP2|
The entries below provide information about configuring a firewall.
||Which firewall rules should you configure for SCALANCE S in order to have access to the internet with the PG/PC via the SCALANCE and router?
|Which firewall rules do you have to define for SCALANCE S in the Security Configuration Tool to allow data traffic between internal and external networks for a specific IP address area?
||Which firewall rules should you configure for the EGPRS router MD741-1 in order to have access to the internet with the PG/PC from the LAN of the MD741-1?
|Security Configuration Tool
||What are the restrictions when configuring the bandwidth limit of a firewall rule with the Security Configuration Tool V2.1?
Virtual Private Network (VPN)
The entries below provide information about configuring a Virtual Private Network (VPN) with SCALANCE S and SOFTNET Security Client.
|SOFTNET Security Client
||How do you configure a VPN tunnel between a PC station and SCALANCE S61x via the internet with the 2008 edition of SOFTNET Security Client?
|How do you configure a VPN tunnel between a PC station and SCALANCE S61x V2.1 via the internet with the SOFTNET Security Client Edition 2005 HF1?
||How is a VPN tunnel between two SCALANCE S S 61x modules configured in Routing mode via the internet?
|How do you configure a VPN tunnel between a PC station with Windows XP SP2 and SCALANCE S61x V2.1 via the internet with the Microsoft Management Console?
|What can you do if there is no VPN tunnel set up in the SCALANCE S 61x, the SOFTNET Security Client or the MD740-1?
|What configuration steps are necessary to forward the coded data packages incoming on the SCALANCE S61x from the VPN tunnel to specific internal nodes only?
The entries below provide information about access control in process control systems like PCS 7.
||Entry ID / Link|
|WinCC / PCS 7 Process Control System
||Which safety precautions help against unauthorized access in the SIMATIC PCS 7 / WinCC environment?
|WinCC / PCS 7 SCADA System|
|PCS 7 Process Control System
Remote Access via Internet, Gateways
The entries below provide information about Remote Access via the internet and you you can use an Industrial Ethernet CP or SCALANCE S as a gateway.
|Remote Access with WinCC flexible
||What are the options for remote maintenance of a WinCC flexible Runtime system (Panel/PC) via the internet (WAN)?
|Industrial Ethernet CP or SCALANCE S as Gateway
||How do you use an Industrial Ethernet CP or SCALANCE S as a gateway?
The entries below provide information about the latest developments and the measures recommended by Siemens for handling Stuxnet.
|WinCC / PCS 7
||SIMATIC WinCC / SIMATIC PCS 7: Information about malware / viruses / Trojan horses
||SIMOTION: Latest information about malware / viruses / Trojan horses
||SINUMERIK PCU: Latest information about malware / viruses / Trojan horses
Protection against Manipulation
Information about how to recognize and prevent program code manipulation in STEP 7 V5.5 is available in Entry ID: 51577287.