The OPC (OLE for Process Control) user should consider the mitigations listed as a menu to choose from rather than a list of unalterable requirements. This hardening should typically be conducted in four stages. First, the Windows platform itself needs to be locked down to make it less susceptible to common Windows-based attacks while still allowing OPC applications to function. Then the specific OPC components need to be hardened using the OPC configuration tools found in the Windows operating system. Then the system needs to be tested to ensure these changes still allow all OPC applications to function correctly. We have seen a number of cases where OPC vendors do not respect DCOM security requirements and settings are deployed on live production systems. Finally, verification of the fortifying effort is required to confirm no serious security holes have been left open.
For the most part, configuration guidelines will apply to both server hosts and clients. The callback mechanism used by OPC essentially turns the OPC client into a DCOM server and the OPC server into a DCOM client. We focus on OPC servers, but to take full advantage of these recommendations they should be followed on all nodes that contain either OPC clients or OPC servers. Several sections discuss clients specifically.
It is also important to note that the examples shown below are primarily based on hosts running Windows Server 2003/SP1 or Windows XP/SP2 or later. Earlier versions of Windows can still take advantage of many of these suggestions, but they will be considerably more difficult to configure. Thus, if at all possible, a first step should be to upgrade any OPC host platforms to these newer operating system versions.
Finally, these examples were performed and lab tested in a workgroup setting; as a result, slight modifications may be required in a domain-based environment. In real industrial settings, domains may be beneficial as they provide the ability to apply these recommendations uniformly across a group of hosts via group policy.
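For the final verification stage, a read-only check such as the following can be run on every OPC node, clients included, since the callback mechanism makes clients act as DCOM servers. It is an added example, not part of the original post; the baseline it checks (default authentication level of at least Connect, no remote rights for Everyone or ANONYMOUS LOGON) is an assumption to adjust to your own policy.

```powershell
# Added example: read-only audit of machine-wide DCOM settings on one OPC node.
# The baseline values below are assumptions for illustration, not from the article.
$MinAuthLevel = 2      # assumed baseline: at least Connect (1 = None)
$RemoteBits   = 0x14   # COM_RIGHTS_EXECUTE_REMOTE (4) + COM_RIGHTS_ACTIVATE_REMOTE (16)
$BroadSids    = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-7' = 'ANONYMOUS LOGON' }

function Get-DcomAuditFinding {
    param([string]$OleKey = 'HKLM:\SOFTWARE\Microsoft\Ole')

    $ole = Get-ItemProperty -Path $OleKey
    $findings = @()

    # Default authentication level for COM servers that do not set their own.
    $auth = $ole.LegacyAuthenticationLevel
    if ($null -eq $auth) { $auth = 2 }   # Windows default when the value is absent
    if ($auth -lt $MinAuthLevel) {
        $findings += "LegacyAuthenticationLevel=$auth : callers are not authenticated"
    }

    # Machine-wide limits and defaults are stored as binary security descriptors.
    $names = 'MachineAccessRestriction', 'MachineLaunchRestriction',
             'DefaultAccessPermission', 'DefaultLaunchPermission'
    foreach ($name in $names) {
        $bytes = $ole.$name
        if ($null -eq $bytes) { continue }   # not set: the built-in default applies
        $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $bytes, 0
        if ($null -eq $sd.DiscretionaryAcl) { continue }
        foreach ($ace in $sd.DiscretionaryAcl) {
            $sid   = $ace.SecurityIdentifier.Value
            $mask  = $ace.AccessMask
            $allow = $ace.AceType -eq [System.Security.AccessControl.AceType]::AccessAllowed
            # An ACE in the pre-XP SP2 format carries only COM_RIGHTS_EXECUTE (1),
            # which is interpreted as granting local and remote rights alike.
            $remote = (($mask -band $RemoteBits) -ne 0) -or ($mask -eq 1)
            if ($allow -and $remote -and $BroadSids.ContainsKey($sid)) {
                $findings += ('{0}: {1} has remote rights (mask 0x{2:X})' -f $name, $BroadSids[$sid], $mask)
            }
        }
    }
    return $findings
}

$result = Get-DcomAuditFinding
if ($result) { $result } else { 'No findings against the assumed baseline.' }
```

The script only reads the registry, so it can be rerun after each OPC application test to confirm that a vendor workaround has not reopened a setting.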