It was a very long time in the works, and I have to give Eric Byres a lot of credit for his diligence in getting reviews and incorporating feedback from a cast of thousands for Part III. The final part of the OPC Security Whitepaper Series written by Byres Research, Digital Bond and BCIT is now available on our site to subscribers and likely will be on Eric’s site soon as well.
As a reminder, Part I provided an overview of OPC and included interesting survey results on how OPC is being used. Part II described risks and vulnerabilities in OPC clients and servers. Part III completes the picture by providing specific and detailed guidance on how to harden OPC clients and servers.
Part III is 54 pages long, which represents the complexity of the OPC / DCOM security problem. Some of the possible security measures, such as configuring the Windows firewall, are quite frankly so complicated we would be hard pressed to recommend them, but they are a technical control that is available to OPC clients and servers.
Other portions, such as guidance on setting DCOM authentication and permissions to limit access to OPC servers as well as the RPC hardening recommendations to make OPC more firewall friendly, we consider essential. The good news is there finally is a step-by-step guide to a thorough set of security hardening recommendations for OPC clients and servers.
If the paper is not enough – stay tuned for next week when we will release a tool to subscribers that will allow you to audit your OPC servers to the guidance provided in Part III.