Industrial Cyber Security

Cyber security in the industrial automation gains more attention in the upcoming years, so PLCnext Technology is going to develop faster in this regard. Come back to this section for more features, basic information and tutorials.

Security iconSecurity Note: For security issues and possible vulnerabilities, please contact the
Product Security Incident Response Team (PSIRT) of Phoenix Contact via its website.

Built-in features

The Linux operating system which PLCnext Technology is built on features of the following components and services:

Security iconPlease note the guidelines in our PLCnext Security Info Center.
For developing secure-by-design, IEC 62443‑2 compliant applications with PLCnext Technology, get a good grasp of the concepts used in the Security context.

Security settings via WBM

For the time being, most of the security-related settings in PLCnext Technology are configured in the Security area of the Web-based Management (WBM) that resides on every PLCnext Control. For basic handling of the WBM, see here.

To help you find your way through the many settings and parameters for each security feature, the information to the security-related topics in this section are sorted according to the pages in the Security area of the WBM:

In addition, you might be interested in these security-related topics:

OpenVPN™ client

With the OpenVPN™ software, you have the option of establishing a virtual private network (VPN) and therefore a secure connection via an unsecured network. The data is encrypted with suitable protocols.

All necessary settings can be made under /etc/openvpn. Note that OpenVPN knowledge is required to make these settings. For further information, please refer to openvpn.net.

IPsec (strongSwan)

IPsec is an encryption and authentication protocol with which VPN connections (Virtual Private Networks) can be established. StrongSwan is an implementation of the IKE (Internet Key Exchange) protocol and can be used for VPN connections via IPsec.

For details, please refer to strongswan.org.

Configuration notes

You can edit the /etc/ipsec.conf configuration file with admin user rights. Use the following commands:

  • Start the daemon: sudo ipsec start
  • Stop the daemon: sudo ipsec stop
  • Restart the daemon: sudo ipsec restart
  • Call up the status: sudo ipsec status

Configuration examples

Configuration examples are available at strongSwan.

 

 

 


• Published/reviewed: 2024-12-10  ☃  Revision 075 •