Application and properties
1.4 Security functions
CP 1243-1
Operating Instructions, 04/2017, C79000-G8976-C365-03
Security functions of the telecontrol protocols
● TeleControl Basic
  – Encrypted telecontrol communication
    As an integrated (unconfigurable) security function, the protocol encrypts the data for transfer.
    You configure the interval of the key exchange between the CPU and telecontrol server in STEP 7 in the parameter group "Ethernet interface (X1) > Advanced options > Transmission settings".
  – Telecontrol password
    To authenticate the CP with the telecontrol server
● DNP3
  The security functions specific to DNP3 can be used.
● IEC 60870-5
  For the IEC protocol there are no protocol-specific security functions available.
Further configurable security functions of the CP
Because the CP acts as a security module, the following security functions are available to the S7-1200 station on the interface to the external network:
● Firewall
  – IP firewall with stateful packet inspection (layer 3 and 4)
  – Firewall also for "non-IP" Ethernet frames according to IEEE 802.3 (layer 2)
  – Limitation of the transmission speed ("Bandwidth limitation")
  – Global firewall rules
● Communication made secure by IPsec tunnels (VPN)
  VPN tunnel communication allows the establishment of secure IPsec tunnels for communication with one or more security modules.
  The CP can be put together with other modules to form VPN groups during configuration. IPsec tunnels (VPN) are created between all security modules of a VPN group. All internal nodes of these security modules can communicate securely with each other through these tunnels.
● Logging
  To allow monitoring, events can be stored in log files that can be read out using the configuration tool or can be sent automatically to a Syslog server.
● STARTTLS / SMTPS
  For the secure transfer of e-mails
● NTP (secure)
  For secure transfer during time-of-day synchronization