SIEMENS
8/8
Siemens IK PI · 2015
Industrial Security
Security Integrated
SCALANCE S
8
■
Overview
•
Security modules for the protection of automation networks
and security during data exchange between automation
systems.
•
Checking and filtering of data traffic by integrated firewall and
thus:
- Protection against operator mistakes
- Prevention of unauthorized access
- Prevention of faults and communications overload
•
Authentication of the communication partners and encryption
of the transmitted data with VPN and thus protection of
communication against espionage and manipulation.
•
Rugged, industry-compatible design of the devices
•
Easy and clear configuration:
Using the Security Configuration Tool (SCT), all SIMATIC NET
security products can be configured and diagnosed from a
central position.
•
No changes or adaptations necessary in the existing network
topology, applications or network stations since SCALANCE S
can also be used as a bridge and not just as a router.
•
Securing of communication is independent of the protocol
(e.g. PROFINET or other Ethernet-based fieldbus solutions)
•
Secure remote access via the Internet possible without restric-
tions and with any providers
•
Increased availability is possible by means of redundant
protection of automation cells or ring topologies
Product versions:
SCALANCE S602;
•
Uses the stateful inspection firewall to protect network
segments against unauthorized access.
•
"Ghost mode" for protection of individual, even alternating,
devices by dynamically taking over the IP address.
•
Connection via 10/100/1 000 Mbit/s ports.
SCALANCE S612;
•
Uses the stateful inspection firewall to protect network
segments against unauthorized access.
•
Up to 128 VPN tunnels can be operated simultaneously.
•
Connection via 10/100/1 000 Mbit/s ports.
SCALANCE S623;
•
Uses the stateful inspection firewall to protect network
segments against unauthorized access.
•
Up to 128 VPN tunnels can be operated simultaneously.
•
Connection via 10/100/1 000 Mbit/s ports.
•
Additional RJ45 DMZ port (DMZ: "demilitarized zone") for
secure connection from, for example, remote maintenance
modems, laptops, or an additional network. This yellow port
protected by firewalls from the red and green ports and can
also terminate VPNs.
•
Redundant protection of automation cells by means of router
and firewall redundancy and stand-by linking of the redundant
device via the yellow port.
SCALANCE S627-2M;
•
Uses the stateful inspection firewall to protect network
segments against unauthorized access.
•
Up to 128 VPN tunnels can be operated simultaneously.
•
Connection via 10/100/1 000 Mbit/s ports.
•
Additional RJ45 DMZ port (DMZ: "demilitarized zone") for
secure connection from, for example, remote maintenance
modems, laptops, or an additional network. This yellow port
protected by firewalls from the red and green ports and can
also terminate VPNs.
•
Redundant protection of automation cells by means of router
and firewall redundancy and stand-by mode of the redundant
device; status matching of the firewall by means of a synchro-
nization cable between the yellow ports.
•
Two additional slots for one 2-port media module each
(see
SCALANCE X-300) for direct integration in ring structures
and FO networks with two additional switched red or green
ports per module.
•
Bridging of longer cable runs or use of existing 2-wire cables
(e.g. PROFIBUS) by deploying MM992-2VD media modules
(variable distance).
© Siemens AG 2014