S. Security
S. Security of SCADA system

Revisions Author
01/02/2013 OU Initial document V5.0a

Until now, SCADA system security was not well developed, as most SCADA software runs on a totally independent network. But nowadays, the need to be connected to the Internet is growing, and threats found on the Web require powerful software to protect against. This chapter lists our advice and constraints in order to let you best manage your security issues.

1.1. Firewall

All versions of Windows include a built-in firewall that is activated by default. Some anti-virus solutions also provide one, which comes in substitution of Windows’.

In all cases, we highly recommend keeping it active, as its job is to filter incoming data flows.

However, when it is on, some features are blocked and won’t work, as they could be a threat to the operating system. Flows are separated into two groups: outgoing flows, for instance data requests sent by Topkapi to controllers, and incoming flows, which can be anything from the network or the Internet that tries to communicate with, access or damage the computer. In general, the latter do not need any specific configuration, as the firewall is meant to protect from outside threats. Below are the most common ports you might need to open in your firewall settings in order to be able to use Topkapi.

LTS being the one issuing requests, the previous permission also took care of this communication issue.

Protocols

Communication protocols use various ports depending on their own implementation. The most typical ones, such as ModBusIP, Sofrel, Perax, use port 502….

No specific configuration is required for Windows firewall, as Topkapi generates only an outgoing flow, which is not blocked.

However, if you set up your controllers to initiate the communication (for instance spontaneous emission, often used for GPRS networks), then you need to change the configuration of the firewall to let the request come in. The UDP or TCP port depends on the protocol and can usually be changed in Topkapi.

Webserv

Webserv relies on the Windows Web component called IIS (Internet Information Services). After installing this component, port 80 (the default HTTP port) has to be opened in order to let remote browsers access the hosted Web pages.

In the Control Panel, go to System and Security, Windows Firewall menu and click on Allow a program or feature through Windows Firewall.

Then click on Change Settings, and check the box World Wide Web Services (HTTP), which is only displayed after installing IIS.
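
For the case described under Protocols, where controllers initiate the communication, the inbound permission can be scripted instead of set through the Control Panel. This is an added example, not part of the original document or of Topkapi; it assumes Windows 8 / Server 2012 or later (NetSecurity cmdlets), an elevated session, and placeholder values for the rule name, network profiles and controller address range.

```powershell
# Added example, not Topkapi code. Run from an elevated PowerShell session.
# Assumed values (constructed for illustration); adapt them to your site.
$Port        = 502              # port named on this page; match the protocol setting
$Protocol    = 'TCP'            # or 'UDP', depending on the protocol
$Controllers = '192.0.2.0/24'   # placeholder range (RFC 5737): your controllers' addresses
$RuleName    = 'SCADA controllers inbound (example)'   # hypothetical rule name

# 1. The firewall should stay active: stop if any profile is switched off.
$disabled = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
if ($disabled) {
    throw "Firewall disabled for profile(s): $($disabled.Name -join ', ')"
}

# 2. Let only the controllers reach the protocol port. Every other incoming
#    flow remains subject to the default inbound block.
#    The Domain/Private profile choice is an assumption of this example.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol $Protocol -LocalPort $Port -RemoteAddress $Controllers `
        -Profile Domain,Private | Out-Null
}

# 3. Review: list enabled inbound allow rules on that exact port and flag the
#    ones that accept any remote address. Rules defined with a port range
#    (for example "500-510") are not matched by this simple comparison.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $ports = $_ | Get-NetFirewallPortFilter
        $addrs = $_ | Get-NetFirewallAddressFilter
        if ($ports.LocalPort -contains "$Port") {
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Protocol      = $ports.Protocol
                RemoteAddress = $addrs.RemoteAddress -join ','
                Unscoped      = ($addrs.RemoteAddress -contains 'Any')
            }
        }
    } | Format-Table -AutoSize
```

A rule reported with Unscoped set to True accepts the port from any source and is worth narrowing to the controllers' addresses.
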
1.6. Autorun
LockWindows can also disable autorun for CD, DVD and USB
mass storage devices connected to the computer.
This is recommended as USB mass storage devices are a typical
means of virus propagation.
For CD/DVD, it prevents automatic installation of unwanted
software.