B1-44, Nbasic measures, Nadditional measures to further increase security – Yokogawa YFGW710 User Manual

<B1. Engineering>

B1-44

IM 01W01F01-01EN

(2) Example of a System Configuration Considering Security

The following describes an example of a configuration of a CENTUM system that handles field

wireless devices and that considers security.

n

Basic Measures

▪ The network architecture has a hierarchical structure of security levels, and levels that need

to be separated for security reasons are divided into segments by firewall and DMZ.

▪ The control network is completely separated into a segment for the control system and one

for the field wireless network.

▪ A switch is installed between YFGW710 and the PC to perform access control.
▪ A firewall is installed and IP-VPN is constructed for the segment that connects the Wide

Area Universal Field Network both on the system and YFGW710 sides.

▪ The IT security settings for Yokogawa system products are applied to all the PCs.

n

Additional Measures to Further Increase Security

▪ The same security level is separated into a control system network and a field wireless net-

work, and a firewall is installed between the two networks. (Horizontal direction)

▪ A firewall is installed between all the hierarchical layers. (Vertical direction)
▪ The server and the client do not coexist on the same PC, but exist separately on different

PCs.

▪ PRM field communication servers for CENTUM and the field wireless network exist sepa-

rately on different PCs.

▪ Field Wireless Configurator and Field Wireless Management Tool also exist separately on

different PCs.