Camel

MrPLC Member
  • Content count: 131

Everything posted by Camel

  1. Has anyone ever used the simulator panel? I can't seem to remember how to use it. Anyone have any kind of documentation?   Thanks in advance!
  2. I've got a bachelor's in computer science and I find a way to apply something from it to the automation world on a daily basis. If you want to get a feel for CS before actually committing to something, try a free class from somewhere like https://www.edx.org/
  3. First thing you should do is analyze the impact that any patch will have on your systems. Second, if your company has a Windows-based domain, they probably have a server running Windows Server Update Services (WSUS). You could push patches to your control machines with this. The setup that I have run across in the field was based on Altiris. They would get a Wonderware patch, create an installer, and push it out to the controls machines that were running Altiris agents. On the PLC side of things, you would have to check and see if the software you're updating supports the firmware in the PLC. If it doesn't, someone will be making a trip of some sort. You could update the firmware in a spare processor and download the PLC app to it, then ship it to where it needs to go with instructions on how to change it out. I've seen a company make that work. They even made a video on how to change it out for the plant people. Most methods that IT departments use to manage thousands of PCs are applicable to industrial control systems. You just have to get creative and learn a few more acronyms.
  4. Your controls systems are only going to be as secure as the effort you put forth to secure them. A few things I always try to preach are:

       1. Always firewall your controls systems from your business network or any public network. Use DEFAULT DENY rulesets in the firewall. I set up a redundant firewall set once using OpenBSD (PFSYNC, CARP, PF) and a pair of old Dell PowerEdge 2650s for around 100 bucks....
       2. Disable USB thumb drives on every machine.
       3. Don't use autologin or shared logins. Don't make password policies so complex that people have to write their passwords down....
       4. Avoid wireless. If you can't avoid wireless, use frequency hopping spread spectrum radios (FHSS).
       5. Use a virus scanner.
       6. At least put a little bit of thought into physical security. If someone with malicious intent can just waltz into your control room with a gun, security doesn't matter anymore.
       7. If it's critical that your control system is running, and it's running on a Windows-based OS, take a look at placing the machine in special security limited functionality (Windows SSLF mode). http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems/microsoft_windows.shtml
       8. Update your software. If a vendor is slow at this, maybe it's time to look at other alternatives.

     It's easy to protect your systems from whatever has already been discovered. The trick is trying to mitigate the damage from something that was dreamed up this morning.
  5. Here's a good resource for people interested in control systems security. http://www.us-cert.g...tems/index.html And here is a bit of info relating to Stuxnet. It's listed as ICSA-10-238-01, 01A, and 01B. *EDIT* Just noticed that ICSA-10-201-01, 01A, 01B, and 01C are specific to the Siemens attack also. http://www.us-cert.g...rt/archive.html *EDIT* Please be mindful of the distribution restriction at the bottom of those documents. They are not classified, but they don't want you editing these or posting them on public websites. If anyone has any specific security questions about control systems, feel free to hit me up. I'm not very well versed in the "OMG they're out to get us, what do we do?" type questions though. Every individual security implementation has specific requirements, I'm not very good at large generalized questions about motivations, theories, regulation, etc... I've been away from MRPLC for a few years now, glad to be back!!
  6. 90-70 to Wonderware

    Here is what I am trying to do: I am trying to connect a CPX772 to Wonderware through serial port 1 through GESNP (on the Wonderware side). I have configured all places to set up the serial ports on the PC to match the configuration on the PLC. I am able to connect to the PLC with LM90, but I am unable to connect with GESNP. The cable pinout I am using is IC693CBL316A. It has a DB9 on the PC end and an RJ11 on the PLC. Does anyone have any idea as to why this doesn't work? A little side note: I am not going to upgrade away from LM90, this system will not be there that long anyway. This system communicates TCP primary, this is for a backup in case of a network failure.
  7. 90-70 to Wonderware

    I have entered an SNP ID for the CPU overall, I have not for each interface. If I do it for each interface, it will require a processor stop and download. I am using the RJ11.
  8. I got to poking around in IANA last night and found this: 1662 Rockwell International Corporation. So their private MIB would be 1.3.6.1.4.1.1662. Don't know what's in there yet...... I don't have a login to anything AB (nor do I plan to). No, there is no specific product I am looking at. We generally install Modicon PLCs, but we still have a few places that have OEM equipment with AB PLCs that we have not had the opportunity to remove. Thanks for your help!!
  9. Does anyone here know if Allen-Bradley PLC products support SNMP and which ones? Do they have their own private MIB? What is the ASN.1 address for their private MIB (if they have one)? I don't have any AB equipment to play with at the moment, or I would check myself... Thanks!!
  10. Which is the best inverter brand?

    Baldor is pretty good... They usually come with Ethernet (Modbus TCP)/USB/serial
  11. Salvaging InTouch Work

    Do you have a db dump out of that app? If so, I would try to reload it. I have seen one of those errors before, and reloading the db fixed it. Don't know about the other errors though... If you don't have the db, you could create a new app, dump the db out of it (blank), and load it into the broken one. This will lose all tag and topic settings, but it's better than starting from scratch.
  12. My company uses it on a large scale. I am still learning about it, and will post more when I do. About the server virtualization thing: When a server dies that has GR node running on it, it tends to start back up with everything undeployed and generally "out of whack". If you use MS virtual server 05, it comes up deployed and running. For us, that's the difference between a normal restart and an hour or more worth of "OMG we're down" time. The one hard lesson I have had to learn: Make good and sure you have a sound and stable network infrastructure. If you spend a ton on anything, make sure this is it..... A little side note: Look at the little box that pops up when you deploy something. It has a cancel box, but it greys out when you would normally need to cancel the deploy. Later on down the road, when you deploy a big app and realize you forgot something, you will find it funny (as you wait an hour for the deploy to fail).
  13. Data Concentrator

    If you are using Wonderware, you could check out their DAS servers. I have used them before (DASABTCP) and they work great. If you are using InTouch 10+ or System Platform, you can set up redundancy too.
  14. Have you configured the card? You have to configure it for either Bit (%I or 1x) or Input Word (%IW or 3x). Then you have to assign the card an address range. Example: If I set up the card for Bit (%I or 1x) and set the range for 1 to 16 the IO addresses would be:

       10001   10009
       10002   10010
       10003   10011
       10004   10012
       10005   10013
       10006   10014
       10007   10015
       10008   10016

     These can also be represented by 1:1 1:2 1:3 Etc... or they would be:

       %I1   %I9
       %I2   %I10
       %I3   %I11
       %I4   %I12
       %I5   %I13
       %I6   %I14
       %I7   %I15
       %I8   %I16
  15. What card is it exactly? Have you taken a look at the system words that relate to Ethernet comms? %SW139 Global data and I/O scanner load %SW160 to 167 Device operating status determined by I/O scanning %SW168 to 171 Operating status of global data? What programming software do you have? Unity has a bandwidth monitor that could help. Does the cable look ok? Does it vibrate or get moved anywhere? If it's plugged into a managed switch, does the error log of the switch show anything (Cisco equipment may blink the port yellow too)? Was it working before and then suddenly started doing this?
  16. There's a couple different ways. 1. In the reference data editor, enter it as ARRAY[X].VALUE 2. Find it in the program and double click on it. A pop up will open and you can click on the plus signs to see the values.
  17. Unity is downloadable from http://eclipse.modicon.com Login and search for Unity. (You have to have a support agreement with Schneider) Can you not change the programming software used by changing the OS on the processor?
  18. Sounds like your IS department needs an overhaul. In the civilian world I am a control systems engineer, and we are part of the IS department. Don't assume that IS personnel everywhere have no idea what a PLC is. As I said, I am an engineer in the civilian world. Right now I am in Iraq supporting a large chunk of a Windows domain. For me, PLCs and PCs are basically the same (they just have different peripherals). I take pride in the fact that I can support any system I may come across regardless of its intended use or design. If anyone would like a little education on PC/PLC security this is a good place to start. As our industries evolve, the line between control system and computer system fades.
  19. They "fixed" a control pc by turning off the firewall??? They couldn't open the ports for that specific application???
  20. User localdrive access

    Click Start -> My Computer. Right-click the drive and select Properties. Click on the Security tab. Add away.....
  21. You could check out the 802.1 equipment. This is where I shop a lot. http://www.meshoutlet.com
  22. Windows Vista

    I am working on porting or emulating some popular automation apps to Linux. There are licensing issues and all sorts of junk I am reading through now though. I will write some papers and put them up here when I make sure everything works right and is legal. As for Vista and database apps and such, I hate it. Took several hours to set up SQL Server Management Studio, make it stable, and make it work on a net connection. I have a live Linux CD that I put MySQL Server 5.0 on. All I have to do to get it to work is put it in a computer with a bootable CD or DVD drive and turn it on. Takes a couple minutes......
  23. Useful stuff?

    All of our PLCs are network connected. We don't have many, if any, serial connections to squat. This is some of the open source software I use in my day to day dealings.

      • Wireshark -- Network protocol analyzer. Comes in handy for seeing what is really happening.
      • MySQL -- SQL server. It's a database server. I prefer it to Microsoft SQL server, now that I hate Microsoft. This thing supports everything that MSSQL does.
      • Netcat -- "TCP/IP swiss army knife". You can do almost anything you want to a port with this thing, and more. Careful though, most virus protection software detects it as an unwanted program/virus. I can assure you, IT'S NOT.
      • VMWare -- Virtualization app. Allows you to install Windows on a virtual machine inside of Linux, or Linux in a virtual machine inside of Windows (Why would you want to??). Where I work, most servers don't physically exist, they run emulated on a massive server with a ton of memory and processors.
  24. Windows Vista

    I bought a Sony VAIO laptop with Vista Business installed on it. I've had it for almost 5 months now and every day it finds some new way to disappoint me. The ways are too numerous to list here. This OS (in my opinion) is crap and should still be in the alpha state. There is absolutely NO WAY I will ever use this for anything that has to do with controls/automation. I tried to install Unity Pro and Concept XL (Modicon). After about 6 hours of messing with it (kept getting random errors) it had to ask me if the program installed correctly. How would I know???? This thing also fails to start up and shut down at least once when I use it, and it feels no need to put anything in an event viewer. This has given me some strong motivation to start porting things to Unix-based OSes. If anyone is in the least bit curious about how to get Wonderware or your favorite PLC programming package working on Linux, feel free to ask me. I will do everything I can to keep everyone I can from using Vista.
  25. WinXP Home to Pro...?

    Yes, I did assume. I did, as most Americans do, forget that the rest of the world exists. As for us in the US, EULAs are legally binding. We have the option to open, and thereby accept, the EULA, or we can take it back and get a refund.