This is my archive

Configuring the system time
Centralized security logging only makes sense if all devices have a synchronized time. NTP is already supported today. TimeServer provides all devices with the same time base. For each device you have to configure which time server it should use. Use the corresponding…

Activating the App Manager
Installing apps can compromise security
Before installing an app, you must perform a risk analysis of the app and its impact on the security of the device and the application, taking into account the overall security context. In particular, investigate the following effects…

Activating HMI
Activating PLCnext Engineer HMI
For information on how to create a PLCnext Engineer HMI application, refer to the topic Creating a PLCnext Engineer HMI application in the PLCnext Technology ‑ Info Center. For information on user roles and permissions, refer to the User Authentication WBM topic in the main PLCnext Technology ‑ Info Center. Before you can use an HMI application…

Use cases and security context
PLCnext Technology supports different security use cases:
- Openness is the leading approach, security is not a leading requirement: Industrial Security application note (AH EN INDUSTRIAL SECURITY) must be considered
- Security is an overall system design requirement, and is ensured by the system…

Activating PROFINET
A large port range is required for the use of PROFINET as the system automatically selects the required ports depending on the network configuration. To restrict access to the PROFINET interfaces, the IP addresses of the PROFINET devices must be configured so that only the controller…

PLCnext Technology security hardening
To use PLCnext Technology as an IEC 62443-4-1/4-2 certified component, the activation of the Security Profile is mandatory. In addition, the automation system design must fit the security context and the generic use cases described in this PLCnext Technology ‑ Security Info Center. With the Security Profile activated, PLCnext Technology supports the following…

PLCnext starting up
The starting up of a PLCnext Control in a security context includes the following steps:
- Checking the device
- Deriving IP addresses
- Assigning IP addresses
- Configuring TLS
- Generating self-signed HTTPS certificates in the WBM
- Uploading the certificate in the browser
- Activating the Security…

Periodic security maintenance activities
You must check regularly:
- user roles and permissions
- password complexity rules and password changes
- firewall settings
- all security-related settings
- the product download area for firmware updates
- the PSIRT webpage for known security vulnerabilities
Security functionality verification…

Example: Secured OPC UA Communication
On the ‘Security’ page of the ‘OPC UA’ PLANT tree node, you can specify settings regarding certificates and authentication which must be performed successfully in order to establish a secure connection between OPC UA clients and the OPC UA server. Furthermore, you can…

Secure operation
The secure operation of PLCnext Control in your specific application context requires a defined procedure. You will find all necessary steps in the following sections:
- PLCnext starting up: Everything you need to know when starting up your PLCnext Control in a security context.
- PLCnext environmental requirements: All environmental…