OPC Security White Paper #3 - Hardening Guidelines for OPC Hosts
Abstract: In this third White Paper of the OPC Security Series, we outline how a server or workstation running OPC can be secured in a simple and effective manner.
Typically this “hardening” must be conducted in several stages. First the operating system (typically Windows) needs to be “locked down” in such a manner that will make it less susceptible to common O/S based attacks. Next, the specific OPC components must be hardened using the OPC and DCOM configuration tools found in Windows.Unfortunately, completing this stage successfully is more complex; our testing indicated that there are a number of OPC applications that do not properly follow the DCOM specifications for Windows software.
Next, the system needs to be tested to ensure these changes still allow all OPC applications to function correctly. Since we found a number of cases where OPC vendors were not respecting DCOM security settings and requirements, this testing is critical before any security settings are deployed on live production systems. Lastly, verification of the fortifying effort is required to ensure no serious security holes have been left open.
These stages are expanded upon in a detailed Action Plan for Hardening OPC Hosts within this report. Specific examples are also provided for each task. In all, we believe by following these guidelines, the typical controls technician will be able to create a more secure and robust OPC deployment on their plant floor and OPC can continue to grow as a valuable solution in industrial data communications.