Configuring Network Time Protocol Synchronization - Siemens S7-1200 System Manual
Hide thumbs
Also See for S7-1200:
- Operating instructions manual (132 pages) ,
- Programming manualline (74 pages) ,
- Manual (46 pages)
Table of Contents
5.7.7
Configuring Network Time Protocol synchronization
If an attacker can access your networks through Network Time Protocol (NTP)
synchronization, the attacker can possibly take limited control of your process by shifting
the CPU system time.
The NTP client feature of the S7-1200 CPU is disabled by default, and, when enabled, only
allows configured IP addresses to act as an NTP server. The CPU disables this feature by
default, and you must configure this feature to allow remotely-controlled CPU system time
corrections.
The S7-1200 CPU supports "time of day" interrupts and clock instructions that depend upon
accurate CPU system time. If you configure NTP and accept time synchronization from a
server, you must ensure that the server is a trusted source. Failure to do so can cause a
security breach that allows an unknown user to take limited control of your process by
shifting the CPU system time.
For security information and recommendations, please see our "Operational Guidelines for
Industrial Security"
security/Documents/operational_guidelines_industrial_security_en.pdf) on the Siemens
Service and Support site.
The Network Time Protocol (NTP) is widely used to synchronize the clocks of computer
systems to Internet time servers. In NTP mode, the CPU sends time-of-day queries at
regular intervals (in the client mode) to the NTP server in the subnet (LAN). Based on the
replies from the server, the most reliable and most accurate time is calculated and the time
of day on the station is synchronized.
The advantage of this mode is that it allows the time to be synchronized across subnets.
The IP addresses of up to four NTP servers need to be configured. The update interval
defines the interval between the time queries (in seconds). The value of the interval ranges
between 10 seconds and one day.
In NTP mode, it is generally UTC (Universal Time Coordinated) that is transferred; this
corresponds to GMT (Greenwich Mean Time).
In the Properties window, select the "Time synchronization" configuration entry. STEP 7
displays the Time synchronization configuration dialog:
S7-1200 Programmable controller
System Manual, 03/2014, A5E02486680-AG
WARNING
(http://www.industry.siemens.com/topics/global/en/industrial-
5.7 Configuring the CPU for communication
Device configuration
165
Table of Contents
