AzeoTech Posted April 29, 2008 Share Posted April 29, 2008 We often get asked if DAQFactory allows web control of the SCADA system. While I understand why users would like such a system, I think most do not understand the security issues involved with placing a SCADA system on the internet. Its one thing if someone hacks a website and uses it for spam, another completely if they hack your SCADA system and start turning off critical valves. Given that many of the people that ask about web control do not understand the difference between a LAN IP address and static Internet address, we feel that web SCADA is somewhat like putting someone in a wood shop and telling them to build some furniture without giving them any instruction on how to use the tools safely. Except of course that Internet security is much more complicated to learn than tools in a wood shop. DAQFactory does provide a web server, but even then, I tend to recommend using a different, and much more secure method to put your DAQFactory screens on the Internet. This involves getting an inexpensive web hosting plan and uploading your screens to that server. This eliminates the need to put DAQFactory on a computer that is exposed to the Internet and limits traffic to outgoing FTP. To do this, you would create a sequence to capture your screens to jpeg files and the use DAQFactory's FTP functions to upload it to your server. The script looks something like this: // setup FTP FTP.strServer = "ftp.myserver.com" FTP.strUserName = "myuser" FTP.strPassword = "mypassword" while(1) delay(600) // wait 600 seconds // capture Page_0 to a jpeg file page.Capture("Page_0","c:\page_0.jpg") // setup file for upload: FTP.strLocalFile = "c:\page_0.jpg" FTP.strRemoteFile = "page_0.jpg" // do the upload: FTP.Upload() endwhile This will capture and upload Page_0 to ftp.myserver.com every 10 minutes. The Capture() function's first parameter takes the same specifier that you would use with the DAQFactory web server, so you can crop the image as well. Not only is this method more secure than putting the DAQFactory PC on the Internet, but it also eliminates the overhead involved with hosting a webserver on the same PC as your SCADA system. Things like denial of service attacks are very easy to implement and would use up all your computer's processor power, bringing your DAQFactory SCADA to a halt. Using the above method, a DOS attack will only bring your webserver to a halt, but since that is not the same computer as your SCADA system, you only lose your remote access. For web based control with DAQFactory, probably the most secure is to use a remote desktop type tool like NTRConnect (www.ntrconnect.com). NTR even has a free version. These tools are designed by professional security experts to be secure so you don't have to worry about it. They also use a relay server so that your SCADA PC does not have to be exposed to the Internet. Link to comment Share on other sites More sharing options...
AzeoTech Posted July 17, 2008 Author Share Posted July 17, 2008 I should add that the page.capture() function is part of DAQFactory web server functionality and therefore requires DAQFactory Standard or higher. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.