Industrial Cyber Security
Cyber security in the industrial automation gains more attention in the upcoming years, so PLCnext Technology is going to develop faster in this regard. Come back to this section for more features, basic information and tutorials.
Security Note: For security issues and possible vulnerabilities, please contact theProduct Security Incident Response Team (PSIRT) of Phoenix Contact via its website.
Built-in features
The Linux operating system which PLCnext Technology is built on features of the following components and services:
- Firewall
- OpenVPN
- IPsec via strongSwan
- SSH/SFTP
- NTP (Network Time Protocol)
- DNS
Please note the guidelines in our PLCnext Security Info Center.For developing secure-by-design, IEC 62443‑2 compliant applications with PLCnext Technology, get a good grasp of the concepts used in the security context.
Security settings via WBM
For the time being, most of the security-related settings in PLCnext Technology are configured in the Security area of the Web-based Management (WBM) that resides on every PLCnext Control. For basic handling of the WBM, see here.
To help you find your way through the many settings and parameters for each security feature, the information to the security-related topics in this section are sorted according to the pages in the Security area of the WBM:
- Security Profile
- User Authentication
- LDAP configuration
- Firewall
- SD Card settings
- Certificate Authentication
- Syslog configuration
In addition, you might be interested in these security-related topics:
- LDAPS connection (file-based configuration)
- Additional filters via nftables
OpenVPN™ client
With the OpenVPN™ software, you have the option of establishing a virtual private network (VPN) and therefore a secure connection via an unsecured network. The data is encrypted with suitable protocols.
All necessary settings can be made under /etc/openvpn. Note that OpenVPN knowledge is required to make these settings. For further information, please refer to openvpn.net.
IPsec (strongSwan)
IPsec is an encryption and authentication protocol with which VPN connections (Virtual Private Networks) can be established. StrongSwan is an implementation of the IKE (Internet Key Exchange) protocol and can be used for VPN connections via IPsec.
For details, please refer to strongswan.org.
Configuration notes
You can edit the /etc/ipsec.conf configuration file with admin user rights. Use the following commands:
- Start the daemon:
sudo ipsec start - Stop the daemon:
sudo ipsec stop - Restart the daemon:
sudo ipsec restart - Call up the status:
sudo ipsec status
Configuration examples
Configuration examples are available at strongSwan.
See also