9.2 PROFINET installation guidelines

General information on data security
- The topics of data security and access protection have become increasingly important in the industrial environment. The increased networking of entire industrial systems to the network levels within the company, together with the functions of remote maintenance, has increased vulnerability.
- Threats can arise from internal manipulation, such as technical errors, operator errors and program errors, or from external manipulation, such as software viruses and worms, trojans and password phishing.

Precautions
The most important precautions to prevent manipulation and loss of data security in the industrial environment are:
- Encrypting the data traffic by means of certificates.
- Filtering and inspection of the traffic by means of VPN - "Virtual Private Networks".
- Identification of the nodes by "Authentication" via secure channels.
- Segmenting into protected automation cells, so that only devices in the same group can exchange data.

Guidelines for information security
- With "VDI/VDE 2182 sheet 1", Information Security in the Industrial Automation - General procedural model, VDI guidelines, the VDI/VDE society for measuring and automation engineering has published a guide for implementing a security architecture in the industrial environment. The guideline can be found at www.vdi.de
- PROFIBUS & PROFINET International (PI) can support you in setting up security standards by means of the "PROFINET Security Guideline". More information can be found at the corresponding web site, e.g. www.profibus.com

Industrial Ethernet
- Because PROFINET is an open standard, standard Ethernet components may be used. For the industrial environment, and because of the high transfer rate of 100MBit/s, your PROFINET system should consist of Industrial Ethernet components.
- All the devices interconnected by switches are located in one and the same network. All the devices in a network can communicate directly with each other.
- A network is physically limited by a router. If devices need to communicate beyond the limits of a network, you have to configure the router so that it allows this communication to take place.

Topology

Linear
- With the linear structure all the communication devices are connected via a linear bus topology. Here the linear bus topology is realized with switches that are already integrated into the PROFINET device.
- If a communication member fails, communication across the failed member is no longer possible.

Star
- If you connect communication devices to a switch with more than 2 PROFINET ports, you automatically create a star network topology.
- If an individual PROFINET device fails, this does not automatically lead to failure of the entire network, in contrast to other structures. It is only if a switch fails that part of the communication network will fail as well.

Ring
To increase the availability of a network, both open ends of a linear bus topology may be connected by a switch. When the switch is configured as redundancy manager, it ensures that on a break in the network the data is redirected over an intact network connection.

VIPA System 300S+ | Deployment Ethernet communication - PROFINET | PROFINET installation guidelines
HB140 | CPU | 317-4PN23 | en | 18-01
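The failure behaviour of the linear, star and ring topologies described above can be checked on a model of the planned cabling. The following is an added example, not part of the original manual: the node names (`cpu`, `io1` to `io4`, `sw`, `rm`) and the three small networks are constructed, and the ring model assumes the redundancy manager has already switched over to the intact path.

```python
from collections import deque

# Constructed topologies: "cpu" is the controller, "io1".."io4" are PROFINET
# devices with integrated switches, "sw" is a stand-alone switch and "rm" is a
# switch configured as redundancy manager (all names are assumptions).
LINE = [("cpu", "io1"), ("io1", "io2"), ("io2", "io3"), ("io3", "io4")]
STAR = [("sw", n) for n in ("cpu", "io1", "io2", "io3", "io4")]
RING = LINE + [("io4", "rm"), ("rm", "cpu")]  # both open ends joined via "rm"


def build(edges):
    """Undirected adjacency map from a list of (a, b) cable links."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def lost_devices(edges, controller, failed):
    """Healthy nodes that can no longer reach the controller once `failed` are down."""
    adj, failed = build(edges), set(failed)
    seen, queue = {controller}, deque([controller])
    while queue:  # breadth-first search that never passes through a failed node
        for nxt in adj[queue.popleft()] - failed - seen:
            seen.add(nxt)
            queue.append(nxt)
    return sorted(set(adj) - failed - seen)


def single_points_of_failure(edges, controller):
    """Map each node whose failure alone cuts off healthy nodes to those nodes."""
    result = {}
    for node in sorted(build(edges)):
        if node == controller:
            continue
        lost = lost_devices(edges, controller, {node})
        if lost:
            result[node] = lost
    return result


if __name__ == "__main__":
    for name, topo in (("linear", LINE), ("star", STAR), ("ring", RING)):
        print(name, single_points_of_failure(topo, "cpu"))
```

The ring tolerates any single failure in this model, but two simultaneous failures (for example `io1` and `io3`) still isolate the device between them.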