Recommended Posts

We often get asked if DAQFactory allows web control of the SCADA system. While I understand why users would like such a system, I think most do not understand the security issues involved with placing a SCADA system on the internet. Its one thing if someone hacks a website and uses it for spam, another completely if they hack your SCADA system and start turning off critical valves. Given that many of the people that ask about web control do not understand the difference between a LAN IP address and static Internet address, we feel that web SCADA is somewhat like putting someone in a wood shop and telling them to build some furniture without giving them any instruction on how to use the tools safely. Except of course that Internet security is much more complicated to learn than tools in a wood shop.

DAQFactory does provide a web server, but even then, I tend to recommend using a different, and much more secure method to put your DAQFactory screens on the Internet. This involves getting an inexpensive web hosting plan and uploading your screens to that server. This eliminates the need to put DAQFactory on a computer that is exposed to the Internet and limits traffic to outgoing FTP. To do this, you would create a sequence to capture your screens to jpeg files and the use DAQFactory's FTP functions to upload it to your server. The script looks something like this:

// setup FTP
FTP.strServer = "ftp.myserver.com"
FTP.strUserName = "myuser"
FTP.strPassword = "mypassword"
while(1)
   delay(600) // wait 600 seconds
   // capture Page_0 to a jpeg file
   page.Capture("Page_0","c:\page_0.jpg")
   // setup file for upload:
   FTP.strLocalFile = "c:\page_0.jpg"
   FTP.strRemoteFile = "page_0.jpg"
   // do the upload:
   FTP.Upload()
endwhile

This will capture and upload Page_0 to ftp.myserver.com every 10 minutes. The Capture() function's first parameter takes the same specifier that you would use with the DAQFactory web server, so you can crop the image as well.

Not only is this method more secure than putting the DAQFactory PC on the Internet, but it also eliminates the overhead involved with hosting a webserver on the same PC as your SCADA system. Things like denial of service attacks are very easy to implement and would use up all your computer's processor power, bringing your DAQFactory SCADA to a halt. Using the above method, a DOS attack will only bring your webserver to a halt, but since that is not the same computer as your SCADA system, you only lose your remote access.

For web based control with DAQFactory, probably the most secure is to use a remote desktop type tool like NTRConnect (www.ntrconnect.com). NTR even has a free version. These tools are designed by professional security experts to be secure so you don't have to worry about it. They also use a relay server so that your SCADA PC does not have to be exposed to the Internet.

Share this post


Link to post
Share on other sites

I should add that the page.capture() function is part of DAQFactory web server functionality and therefore requires DAQFactory Standard or higher.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now