Free Samples: Two Replays of Virtual S4 Presentations
For one week we are making two of the 13 one-hour S4 sessions available to our loyal blog readers.
SCADA Honeynets: How to Build and Analyzing Attacks by Landon Lewis, Digital Bond
and
OPC Exposed Part II: Denial of Service Attacks by Ralph Langner, Langner Communications
The password for these two presentations is 9udg#ves.
This is a good opportunity to check out the virtual attendee experience, see the type of technical content presented at S4, and see the case study room we plan on using again for physical attendees at S4 2008.
The permanent record of S4 is the 11 papers in the Proceedings Book. There is more technical detail in the papers than in the presentations, and we felt it was important to have a written record of the research for other researchers to build on.
Author: Dale Peterson
Posted: February 13th, 2007 under OPC, S4, SCADA Honeynet.
Comments: 4
Comments
Comment from Erik Hjelmvik
Time: February 15, 2007, 10:16 am
Just a comment/question on OPC-tunneling:
Does an OPC-tunneller really add security to a solution? From what I know many OPC-tunnellers can’t even perform simple authentication of the connecting user!
This means that by using the tunneller software we’ve actually lost the only possibility of authentication we once had (i.e. DCOM security).
Also I guess that the OPC tunnelling software is just as prone to crash (due to for example DoS attacks or unintentional reasons) as any OPC server would be. Hence by using a tunneller we’ve added yet another single point of failure for reliable data delivery.
I’m not saying that OPC tunnelling is all bad, in fact it makes it a lot easier to harden the firewall configurations. However I believe that there sometimes is a belief that the OPC tunneller solves all our problems, which really isn’t true.
Comment from Dale Peterson
Time: February 15, 2007, 11:22 am
Erik - the cursory look we have had at OPC tunnel solutions has us very concerned, and it is an area we hope to get to some time in the near future. I agree it is more software that could suffer from implementation vulnerabilities. It would not be the first time a security product introduced new vulnerabilities.
Also, the tunnel is not necessarily going to prevent implementation vulnerabilities from being exploited through the tunnel. Secure ICCP has this limitation.
Comment from Ralph Langner
Time: February 16, 2007, 11:14 am
Erik, an OPC tunneler COULD enhance the security of OPC deployments significantly if the tunneler has a sound design. One thing that you did mention is that a tunneler allows for easy firewall configuration. The other thing is that a tunneler COULD provide rock solid authentication with certificates, dongles, biometrics etc. It is just a matter of what the vendor chooses to implement. At Langner Communications, we had plans to develop such a tunneler, but the effort was stalled due to lack of market demand. — A tunneler certainly does not solve all our problems (which technology does?), but it can solve a lot of problems introduced by DCOM. From a security point of view, shutting off remote DCOM access for a given target machine is a value in itself.
Comment from Jake Brodsky
Time: February 21, 2007, 8:49 am
Ralph Langner’s comment is dead on target. One other aspect of security which I would like to point out is that a security feature in an OPC tunneling protocol ought to be relatively open if it is to be considered serious.
That said, I can see why nobody has gone there. The need for open standards, the need for careful review, and frankly, the relatively small market all conspire against such products emerging on the market.
Fundamentally, the problem comes right back to the very design of the OPC API. This API was designed for compatibility, with very little attention paid to security. Now many are looking for some sort of “bolt-on” after the fact security appliance on to this API. It isn’t that simple. The entire OPC system is going to need to be reworked. The only safe solution is to manage security at the network level, and to carefully validate all connections.
A tunneler helps here, but it’s no panacea. Nothing is.