Security
7Pages

Communication and information security The direct consequences of targeted, destructive access to a machine controller or an unintentional operating error are the same: standstill or even destruction of a machine or plant and thus production stoppage, loss of reputation and money. Therefore, the main objective is to ensure robustness against disturbances. Protection of data and communication as well as the logging of access are preventive measures which make unauthorized access more difficult and bring irregularities to light. Targeted access Exposed machines and plants are not subject to the same perimeter protection as enclosed industrial plants. Hence, wind power plants or biogas plants are relatively easy to access and the response times in the event of a detected break-in are high. High risk in production plants mainly emanates from legitimized persons. Service staff from the external service provider or a dismissed employee who in frustration succumbs to the temptation of a targeted act of damage to property are two classical examples. The targets here are switches, routers and controllers with free ports. These can be used for inconspicuous disruption or for targeted interception of communications. SolutionCenter Secure network services and logs Device Viewer Access control System security measures SCADA Server / Client Web browser User applications Security library Remote maintenance The layer-based security architecture forms multiple security walls around user applications. Each level i ­ncludes specific security measures that can also be used in user-specific applications. System Overview • Bachmann electronic GmbH • 11/2015 • Specification subject to change – the product’s characteristics are exclusively governed by the data of the respective user

Control components of Bachmann have various measures for counteracting targeted access. Effective mechanisms are in place for protecting against network overload which ensure stability of the application in the event of denial of service attacks. Vigorous implementation of end-to-end encryption of the communication by SSL renders eavesdropping ineffective. User programs use interfaces to current cryptographic procedures to encrypt data. Critical infrastructures Guided by national and international regulations, public utility companies are particularly sensitized in matters of security and...

File and Folder Rights Management of file and variable rights: (1) Individual files and variables or entire folders are selectable for the rights management using a browser. (2) These are presented in a clear tree structure. (3) Finely grained read and write permissions can be assigned user-related directly in the list using the Inline-Editing function. (4) Additionally variables can be limited in the value range. Defects and operating errors Targeted security management only helps in the case of undesirable and potentially destructive access. Inadvertent changes to machine parameters,...

Safety and Security Functional safety requires a high degree of security measures to prevent operating errors. Unnoticed changes to the safety programming as well as dangerous interferences during safe operation must be prevented and logged. Safety Control of Bachmann already warns about any malicious, manipulated code on the configuration computer and protects against inadvertent changes by means of functions for pinning software versions. A separate login system on each safety controller allows individually restrictable access. The continual logging is tamper-proof and imple-mented...

^Monitor £ FTP (^) Variablenansicht g Device Shell □ Fehler EJ Eigenschafter User Name Access Right Tool false OPCUASRV Uptime access Last access irity Client Registered Users User Name Copy syst. ValueOld ValueNew /cfcQ/m config.ini: [ SYSTEM ] | (Seri a ID rivers] The online security monitor gives comfortable overview: (1) Details according to logged in users and the token status (2) Security log entries show details to connections and communication status, e.g. login/logout (3) or assignment of new values to variables (4) System Overview • Bachmann electronic GmbH • 11/2015 •...

Security Ethernet Load limitation Separately adjustable limitation of the read and write workload for each Ethernet interface; Protect the machine application against DDoS attacks (Distributed Denial of Service), Broadcast Storms and defects in the network infrastructure. Configurable and during runtime programmable IP- and MAC-filtering prevents against DoS attacks and allows dynamic blocking of potential harmful services or network devices. Network services and logs SSL/TLS based network ­communication Security standard for the establishment of a secured communication c ­ hannel at...

Security System Enable/disable application development Protection against installation of unauthorized programs. Memory protection Application programs are protected at memory level against write access from other applications. Protection against malware that want to eavesdrop and manipulate data at operating system level. Protection against buffer overflows. Null pointer protection Special protection to prevent manipulations via null pointer exception ­handling. Security log with archiving function Login and logout of users as well as each write access are logged at variable level,...