Network access security – Rockwell Automation 1756-EN2TSC EtherNet/IP Secure Communication User Manual

Rockwell Automation Publication ENET-UM003B-EN-P - September 2013
Chapter 1
Secure Communication Architecture
The trusted slot and serial number lock features are for applications where
physical access to, and tampering with, the controller is a concern.
Network Access Security
The 1756-EN2TSC module uses Internet Protocol Security (IPsec) technology to
provide secure communication over the Ethernet network. IPsec is widely
deployed and is often used to create virtual private networks (VPNs).
IPsec provides the following security features:
• Authentication of the communication end points (both client and server)
• Data authenticity and integrity (via message integrity checks)
• Data confidentiality (via encryption algorithms)
Use of the IPsec protocol suite lets you use the Microsoft Windows VPN client
to connect securely to the module. IPsec also lets the module create secure
tunnels with other 1756-EN2TSC modules and with off-the-shelf VPN
appliances.
While the module supports secure communication, the module is not intended
to be connected directly to the public Internet and provide a VPN function, or be
the mechanism by which remote access is provided to a network. The module
does not provide the ability to expose a private network address range via
IPsec—only the module’s IP address is available.
The module does the following:
• Secures access to the controller and I/O modules in the local chassis
• Secures bridge access to other networks accessible within the local chassis
IMPORTANT
Use caution with these features and make sure you have the controller project backed up in a
secure location. If the module becomes disabled for any reason, you have to download to the
controller to recover.
IMPORTANT
The module does not provide access to a private network.
[Figure: ControlLogix chassis (Logix5575 controller) showing DeviceNet Access via 1756-DNB, EtherNet/IP Access via 1756-EN2T, and Secure Plant Network Access via 1756-EN2TSC]