315-4PN33

8.2 PROFINET installation guidelines
General information on data security

- The topics of data security and access protection have become increasingly important in the industrial environment. The increased networking of entire industrial systems to the network levels within the company, together with the functions of remote maintenance, has increased vulnerability.
- Threats can arise from internal manipulation, such as technical errors and operator and program errors, or from external manipulation, such as software viruses and worms, trojans and password phishing.

Precautions

The most important precautions to prevent manipulation and loss of data security in the industrial environment are:
- Encrypting the data traffic by means of certificates.
- Filtering and inspection of the traffic by means of VPN - "Virtual Private Networks".
- Identification of the nodes by "Authentication" via secure channels.
- Segmenting into protected automation cells, so that only devices in the same group can exchange data.

Guidelines for information security

- With the "VDI/VDE 2182 sheet 1", Information Security in the Industrial Automation - General procedural model, VDI guidelines, the VDI/VDE society for measuring and automation engineering has published a guide for implementing a security architecture in the industrial environment. The guideline can be found at www.vdi.de
- PROFIBUS & PROFINET International (PI) can support you in setting up security standards by means of the "PROFINET Security Guideline". More information can be found on the corresponding web site, e.g. www.profibus.com

Industrial Ethernet

- Because PROFINET is an open standard, standard Ethernet components may be used. For the industrial environment, and because of the high transfer rate of 100MBit/s, your PROFINET system should consist of Industrial Ethernet components.
- All the devices interconnected by switches are located in one and the same network. All the devices in a network can communicate directly with each other.
- A network is physically limited by a router. If devices need to communicate beyond the limits of a network, you have to configure the router so that it allows this communication to take place.

Topology

Linear

- With the linear structure, all the communication devices are connected via a linear bus topology. Here the linear bus topology is realized with switches that are already integrated into the PROFINET device.
- If a communication member fails, communication across the failed member is no longer possible.
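
An added example, not part of the original manual: a short Python audit that applies the segmentation precaution and the switch/router behaviour described above to a device inventory, listing device pairs that sit in different automation cells but can still exchange data. The device names, addresses, cell labels and router policy are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed inventory (assumption): device -> (IP interface, automation cell)
DEVICES = {
    "cpu-315":   ("192.168.10.1/24",  "cell-A"),
    "io-dev-1":  ("192.168.10.11/24", "cell-A"),
    "hmi-1":     ("192.168.10.50/24", "cell-B"),  # shares cell-A's network
    "cpu-line2": ("192.168.20.1/24",  "cell-B"),
    "eng-ws":    ("10.0.5.20/24",     "office"),
}
# Constructed router policy (assumption): network pairs the router forwards between
ROUTER_ALLOW = [("10.0.5.0/24", "192.168.20.0/24")]


def network_of(device):
    """Network a device sits in, derived from its interface address."""
    return ipaddress.ip_interface(DEVICES[device][0]).network


def can_communicate(a, b):
    """Same switched network: always. Across networks: only via a router rule."""
    na, nb = network_of(a), network_of(b)
    if na == nb:
        return True
    allowed = {frozenset(map(ipaddress.ip_network, pair)) for pair in ROUTER_ALLOW}
    return frozenset((na, nb)) in allowed


def segmentation_findings():
    """Device pairs in different cells that can still exchange data."""
    findings = []
    for a, b in combinations(sorted(DEVICES), 2):
        if DEVICES[a][1] != DEVICES[b][1] and can_communicate(a, b):
            via = "shared network" if network_of(a) == network_of(b) else "router rule"
            findings.append((a, b, via))
    return findings


if __name__ == "__main__":
    for a, b, via in segmentation_findings():
        print(f"{a} <-> {b}: different cells, reachable via {via}")
```

A "shared network" finding means the cell boundary is not enforced by the network at all; a "router rule" finding is a permitted crossing that should be reviewed against the intended cell policy.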
VIPA System 300S Deployment Ethernet communication - PROFINET
HB140 | CPU | 315-4PN33 | GB | 14-43 130