This is my archive

Remote access/remote maintenance
Consideration: risks and benefits
The increasing network capabilities of devices used to build automation infrastructures and systems enable a variety of new opportunities. Remote access to systems and data facilitates monitoring and maintenance of plants via the Internet. This saves costs, shortens the response…

(Central) User management
General considerations on user management
If communication is allowed through a firewall or possible via local access, access should be protected by a user login. Users in this context may be human users, software processes, and devices used to build automation infrastructures and systems.

Checksums and signatures
Checksums
Checksums indicate the integrity of data, thus allowing (accidental) modification detection. By verifying checksums, manipulations and data corruption can be detected. Checksums are calculated over valid, verified and non-corrupted data. When calculating the checksum again with the same algorithm (e.g., after a…

Passwords
Each (human) user of a system component needs to be identified and authenticated for all access. For that purpose, passwords can be used. Further authentication methods can be, for example, biometrics (e.g. fingerprint scanner, face recognition), tokens, physical keys, key cards or evaluating the geographic location of…

Why cyber security?
There are several definitions for cyber security, like: Cyber security is the state in which the risks associated with the use of information technology are reduced to a tolerable level. Risks arise from threats and weaknesses to systems and products. Information security is…

360° security – the holistic approach
Comprehensive and sufficient security is not achieved by implementing only (one) technical measure(s) in the system. An adequate security concept must include the technology used, defined processes, and the people involved, i.e., it must specify both technological and organizational measures. Security…

Restricted mobile access: protecting a WLAN by password
Unauthorized smart devices must not be able to connect via the WLAN interface. For that reason, your strict password rules should also apply to all wireless access points in your ICS. WLAN components from Phoenix Contact enable automated…

TLS / HTTP(S)
To secure the transmission of data between network devices used to build automation infrastructures and systems (such as controllers), or between an engineering software and devices which you configure and commission via this software, you should use security-capable transmission protocols wherever they are supported. Such protocols…

Technical and organizational security measures
To achieve security, a holistic approach is necessary: An adequate security concept must include the technology used, defined processes, and the people involved, i.e., it must specify both technological and organizational measures. Many but not all threats can be defended against with…

NAT and port forwarding
General information
Network Address Translation (NAT) separates internal (private) and external (public) network areas. A NAT device (which is usually located at the network or zone border) exchanges public and private IP addresses. This way, all internal network addresses are hidden behind the…