TOP Server V6.0 - Secure Out-of-the-Box


Dec 6, 2016 12:00:00 PM


There are some very exciting new features now available with TOP Server V6.0.  In case you missed it, I did a high-level post giving you an overview of the five biggest features from the V6.0 release - click here to see that post.

Today, I'd like to give you an in-depth look at some of the important security updates included with TOP Server V6.  With ever-growing security concerns across industries, ensuring that TOP Server V6 provides the highest security capabilities as standard functionality was an important goal.  Keep reading to find out how TOP Server V6 has become secure out-of-the-box.

With security concerns for process industries at an all-time high, it was paramount that TOP Server V6 provide the most secure options possible against cyber threats.  To that end, TOP Server V6.0 provides a number of new security-focused enhancements.  To watch an on-demand webinar detailing TOP Server V6, including a demo, click here.

Complimentary Security Policies Plug-In

You may recall a component called the Security Policies plug-in that was actually available in TOP Server V5.  In the past, that has always been a $395 optional licensed feature.  With TOP Server V6, we realized that, with the importance of security in today's industrial landscape, such a tool should just be part of the core server functionality.

So TOP Server V6 includes the Security Policies plug-in at no additional cost.  Simply select it as an option when installing TOP Server to have it available in your TOP Server admin configuration settings.  But what is the Security Policies plug-in?

Flexible, powerful control over your TOP Server

  • The Security Policies plug-in provides the ultimate flexibility in user authentication for your TOP Server.

  • You can dictate what users have access to down to the individual tag level based on their defined user group in the integrated TOP Server User Manager.

  • In industries that are tightly regulated where you need to ensure the right people have the right access to the right settings, having access to the Security Policies plug-in should provide great peace of mind.

 

For OPC UA connections, this additional functionality is especially useful for user authentication.  Forcing OPC UA clients to authenticate will require that they specify a user name and password defined in one of your user groups in the TOP Server User Manager.  Since you can now define granular access policies for each user group, you have full control over what any user from an OPC UA client can access in your TOP Server.

For other types of client connections such as OPC DA or Wonderware SuiteLink, blanket permissions apply under the Anonymous Client user group, so it is still possible to define channel, device and tag-level access rights.  Just know that they will apply for all such client connections not supporting user authentication.

New Configuration API is Secure by Default

If you’ve seen any of our other posts on TOP Server V6 and its new capabilities, you may have seen us mention the Configuration API.  So just briefly, the Configuration API is a set of building blocks, or functions, for creating and updating the TOP Server’s configuration from another program, instead of from our configuration user interface that you’ve known for years.

Obviously, with such a powerful feature, it was important for the Configuration API to be as secure as possible and to integrate with the other security features built into the product, such as the integrated User Manager I just discussed, which lets you set up user logins and control what they can do, even blocking them from deleting anything.

So here are the various ways security was addressed with the Configuration API in V6:

  • The Config API is disabled by default

  • HTTP endpoint disabled by default (HTTPS is the default protocol for connecting to the API, when enabled)

  • SSL certificate support

  • Filtering by source domain (only allowed source domains can connect)

  • HTTP/HTTPS basic authentication

  • Integrated with TOP Server User Manager and Security Policies Plug-In for granular rights control

  • Transaction logging with configurable levels of verbosity and retention with API access to the transaction log (allowing full visibility into who made changes and when)

Improved OPC UA Encryption

And last, but not least, the OPC UA interface in TOP Server V6 has been overhauled and redesigned from the ground up for improved performance and, in keeping with the subject of this post, increased security.  With V6, the encryption key size for OPC UA connections to TOP Server has been increased to 2048 bits (previously 1024 bits).

So when encryption is being used for your OPC UA connections, it would be virtually impossible for a cyber attacker to crack the encryption on your connections.

All of these updates in TOP Server V6 should provide added peace of mind that your process data will be secure when using TOP Server for your device connectivity and data collection.

If you're interested in learning more about the other features introduced with TOP Server V6, don't forget to have a look at my TOP Server V6 main features post.  Or, have a look at the full release notes - click for details.

And please visit our updated TOP Server V6 Focus Website for other useful information.


Written by Kevin Rutherford

Software Toolbox Technical Blog
