SCALANCE S

The SCALANCE S Industrial Ethernet Security Module as well as the Softnet Security Client are now available!

Overview

SCALANCE S Security Modules are the core of the new groundbreaking industrial security concept by Siemens Automation & Drives, based on the protection of automation cells and network segments. This enables even more effective protection of the automation network against dangers from inside, such as deliberate or unintentional incorrect access by employees and excessive or unnecessary communication load. For remote access via unsafe networks, such as the Internet or a WAN, encryption can be used to safeguard the communication against data espionage and manipulation.

As a result of the increasing integrated Ethernet-based interconnection of automation networks with other networks (e.g. MES or office networks), or connection to company intranets and remote maintenance via WAN or Internet, modern industrial communication is subject to considerable risks and dangers. Existing security concepts designed for office environments are no longer sufficient for the special requirements of automation technology, because:

they require permanent maintenance and special expert knowledge;
their integration into existing networks is not free of side effects, i.e. network topologies have to be changed and network subscribers newly configured;
the special world of automation protocols is not accounted for, in particular Layer 2 protocols.

Security functions

The Siemens SCALANCE S security module uses all of the common IT security standards, including IPsec, to provide the following security functionality.

VPN (Virtual Private Network)

For safe authentication (identification) of network subscribers, for data encryption and checking of data integrity.

Firewall

Filters data packets and disables or enables communication connections in accordance with a filter list (packet-filter firewall). Both incoming and outgoing communication can be filtered. IP and MAC addresses, as well as communication protocols (ports), are filtered. The firewall can be used as an alternative or as a supplement to VPN.

Authentication

Every incoming data stream is monitored and checked. Because IP addresses can be forged (IP spoofing), checking the IP address of the accessing client is not enough. In addition, client PCs may have changing IP addresses. For this reason authentication is carried out by means of proven VPN mechanisms.

Data encryption

Safe encryption is needed to protect the data exchange against espionage and manipulation. In this way the data will remain unintelligible for any eavesdropper in the network. The Security Module will establish a VPN tunnel to other Security Modules for this purpose.

Logging

To be able to identify and follow up on attack or access attempts, such data can be stored in a log file and read out with the configuration tool.

Configuration without special security know-how

The configuration can also be done by users possessing very little knowledge about security mechanisms. The minimum configuration needed is to allocate the Security Modules of a network to groups. Only the modules within a group can establish VPN tunnels with one another. This ensures that only authenticated and authorized devices can access a network subscriber protected by a Security Module. In addition, the data transmission is encrypted and in this way protected against espionage and manipulation. Because the configuration tool generates the VPN certificates, no elaborate PKI or separate creation or loading of keys is necessary! Automatic learning of the subscribers of the internal network and recognition of other Security Modules in a network ensure a minimum of configuration work and also enable dynamic expansion without much configuration!

The configuration tool is included in the scope of supply of SCALANCE S.

Module replacement without programming device

The C-PLUG (Configuration Plug) is available as an option to save all the configuration data of a SCALANCE S module. If a SCALANCE S device should fail, the C-PLUG can be removed and plugged into the new SCALANCE S device, so that downtime is reduced considerably.

Unique strain relief concept

The SCALANCE S series has new strain relief sleeves on its electrical ports which, when used with PROFINET-compliant Industrial Ethernet connectors, e.g. FastConnect RJ45 Plug 180, provide improved resistance to tensile and bending forces (from the connected data cables) in comparison with standard RJ45 connectors.

Application

User benefits of SCALANCE S

Access control for automation devices and protection of data transmission in an industrial environment. Security is completely independent of the protocol, i.e. all the IP-based (layer 3) and MAC-based (layer 2) communication can be protected.

Handling is easy, with only a minimum of configuration, and no specialist knowledge of IT security is needed.
Problem-free integration into existing networks, with neither the network topology having to be changed or adapted, nor any network subscriber newly configured.
Robust, industrialized design, tailored to the requirements of an industrial environment.

In addition to SCALANCE S we also provide a SOFTNET Security Client for the design of secure VPN connections of PGs/PCs with network segments protected by SCALANCE.

Ordering data

SCALANCE S 612
Part Number: 6GK5612-0BA00-2AA3
Security Modules for the protection of automation devices and automation networks and to safeguard industrial communication.
No. of simultaneous VPN connections: Max 64
No. of internal nodes: Max 32
The scope of supply includes a CD-ROM with the configuration tool and electronic user manual.

Accessories

Industrial Ethernet SOFTNET Security Client
Part Number: 6GK1704-1VW01-0AA0
Software for the design of secure VPN connections of PGs/PCs with network segments protected by SCALANCE S.
Single License for 1 installation; runtime software, configuration tool and electronic user manual on CD-ROM.
Windows 2000/XP Professional

SIMATIC NET C-PLUG
Part Number: 6GK1900-0AB00
Configuration Plug to store the configuration data of SIMATIC NET components for quick module replacement without PG.

More information

For more information on SCALANCE please visit
www.siemens.com/scalance
or contact
iac.sales.au@siemens.com.

© Siemens AG 2001-2008 - Corporate Information - Privacy Policy - Terms of Use