FactoryTalk Security Implementation
hmiman
Hi,

I am in the process of setting up FactoryTalk Security to control access to the PLC 5 and 5k's in my plant.

This is how I understand it:

1. Create a network directory.
2. Set access rights of users or groups in there.
3. Enable security on all programming stations and point it to the network directory.

My only concern is how to control access from a rogue programming station. We have vendors come in all the time and I don't want a wide open backdoor. Can FactoryTalk automatically unsecure a PLC when going online and then secure it again when the legitimate programming station exits the software or goes offline?

What happens when a programming station that does not have security enabled tries to access a PLC?

Any help will be greatly appreciated to make my plant more secure.

Thanks,
paulengr
QUOTE(hmiman @ Nov 10 2008, 05:54 AM)

Hi,

I am in the process of setting up FactoryTalk Security to control access to the PLC 5 and 5k's in my plant.

My only concern is how to control access from a rogue programming station. We have vendors come in all the time and I don't want a wide open backdoor. Can FactoryTalk automatically unsecure a PLC when going online and then secure it again when the legitimate programming station exits the software or goes offline?

What happens when a programming station that does not have security enabled tries to access a PLC?

Thanks,


I think you are completely confused about what you are doing. First off, what you are describing sounds more like FactoryTalk Asset Centre, which is a totally different system.

The way it works in terms of security for the PLCs themselves is that it runs a captive version of RS-Linx Gateway and then the Asset Centre system talks directly to the PLC. All participating systems use it as a bridge to the PLCs. It doesn't inherently do ANYTHING about protecting your PLCs at all beyond this.

That being said, then if I bring a copy of Logix 5000 and RS-Linx into your plant assuming I can get a physical connection to your PLC, your security model is meaningless. It will totally ignore your security model.

Moreover, I think you are trying to do something in software that cannot be done in software. There is one and only one way to secure a PLC. It's called a padlock. It is possible with certain PLC models to make the existing code inaccessible ("OEM" mode). It is possible to put password protection into every Allen Bradley PLC that I'm aware of, although with different potential issues and different degrees of control. It is possible to put in security in an Ethernet that protects all open ports from tampering with them and denying any and all access to rogue hardware. But it doesn't do anything for serial ports, DH-485, DH+, DeviceNet, or ControlNet.

In the end, it doesn't matter. I can always pull the battery (and memory card if present) and wipe out your security on a given PLC and load it with a program of my choosing. I can always bring my own processor along and swap it with yours. The only telltale difference may be a version number or a different MAC address.

OK...now with a PLC 5, forget about Asset Centre. Use the onboard security. Set up level 4 security with no password and give read only access for troubleshooting purposes. Give write only access ONLY to a few tables. The contents of those tables are strictly the things that can be changed via the HMI (settings). All other tables are read only. Either routinely do a sweep checking for forces or else deny forces. And if you are this paranoid, deny uploads/downloads. It is still possible to download a new program (remove battery, short battery terminals). But it becomes more difficult. Everything else should be accessible by password only.

With a SLC, Micrologix, ControlLogix, or CompactLogix processor, your choices are more limited. You can password protect the entire processor but be aware that you will NOT be able to use any HMI software that I'm aware of with it. So as long as the processor is doing all the communication and/or you are only using push buttons, indicator lights, and such, this can work. The moment that you want to strap a Panelview+ to it or use a SCADA/HMI software program, you will also lock out those systems.

The one thing that Asset Centre will do for you is that if you buy the "Disaster Recovery" version (another $5000), it will automatically do backups (and can do restores) of your programs for you. I believe (but I'm not 100% certain) that it can also report any changes that it finds. This does not prevent someone from making changes but at least you will be aware of any changes that have been made.
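The kind of change and swap reporting mentioned in the post above, as an added example that is not part of the original thread and not Rockwell's code: it compares a recorded baseline (MAC address, firmware revision, program fingerprint) against a later sweep and flags the "telltale" differences. All asset names, MAC addresses, revisions and program contents are constructed, and how the observed values are collected is assumed to happen elsewhere.

```python
import hashlib

def digest(program_bytes):
    """SHA-256 of an uploaded program file, used as its fingerprint."""
    return hashlib.sha256(program_bytes).hexdigest()

# Constructed baseline, recorded while each controller was known-good.
BASELINE = {
    "line1": {"mac": "00:00:5e:00:53:01", "firmware": "rev-A", "program": digest(b"line1 v7")},
    "line2": {"mac": "00:00:5e:00:53:02", "firmware": "rev-A", "program": digest(b"line2 v3")},
    "line3": {"mac": "00:00:5e:00:53:03", "firmware": "rev-B", "program": digest(b"line3 v1")},
}

# Constructed observation from a later sweep (hypothetical values).
OBSERVED = {
    "line1": {"mac": "00:00:5e:00:53:01", "firmware": "rev-A", "program": digest(b"line1 v7")},
    # Same hardware, program edited since the baseline.
    "line2": {"mac": "00:00:5e:00:53:02", "firmware": "rev-A", "program": digest(b"line2 v4")},
    # Same program, but different MAC and revision: the processor itself changed.
    "line3": {"mac": "00:00:5e:00:53:99", "firmware": "rev-C", "program": digest(b"line3 v1")},
    # A controller nobody recorded.
    "line9": {"mac": "00:00:5e:00:53:09", "firmware": "rev-A", "program": digest(b"unknown")},
}

# What a mismatch in each field most likely means.
MEANING = {
    "mac": "possible processor swap",
    "firmware": "possible processor swap or reflash",
    "program": "program changed",
}

def audit(baseline, observed):
    """Return (asset, field, meaning) for every deviation from the baseline."""
    findings = []
    for name in sorted(set(baseline) | set(observed)):
        if name not in observed:
            findings.append((name, "missing", "controller not seen in sweep"))
        elif name not in baseline:
            findings.append((name, "unknown", "controller not in baseline"))
        else:
            for field, meaning in MEANING.items():
                if baseline[name][field] != observed[name][field]:
                    findings.append((name, field, meaning))
    return findings

if __name__ == "__main__":
    for finding in audit(BASELINE, OBSERVED):
        print(*finding, sep=": ")
```

This detects changes after the fact; it does not prevent them.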
hmiman
Seems I wasn't too confused about what I was doing. It works well, best on ControlLogix.

One can enable RSI Security on your ControlLogix project and download the secured project to a controller. If the security server does not authenticate the user and the workstation, they are denied an upload, download or going online. Once authenticated, users are only allowed what their profile allows them to do.

On PLC 5 I have a highly secret processor master password that gets passed on to the processor via MDT Autosave. Once a known PC has gained access to a PLC through Autosave, it is only allowed to do what its profile allows. PLC 5s are recognised by network paths, not names. Should one browse to the path with a different path, FTSecurity will not recognise the PLC as a secured asset and will allow everything. As for browsing to the processor via a different network path, I have just locked down the Linx config, so known PCs are forced to use my known path.

Concerning a padlock: I am in Africa. A padlock means there is something cool behind it.

If anyone is attempting something similar, Rockwell has a wonderful document for it called the FactoryTalk Security Quickstart Guide. It tells you everything you want to know and more.

Hope this makes your securing of PLCs easier.

Cheers,
