Reasons a Configurable TCP Port is Important for OPC Tunneling

2 min read

Jun 21, 2016 11:30:00 AM

This is Part 8 of our “25 Things to Consider when Choosing an OPC Tunnel” series.  What flexibility is there in how ports are configured?

Depending on your level of knowledge regarding OPC tunneling solutions, you may or may not be aware of how a tunneler uses TCP ports for transferring data between machines.  Your IT department likely gives you plenty of trouble whenever you mention needing to open a TCP port.  And with good reason - cyber attacks frequently exploit commonly used TCP ports.

This blog post will outline three top reasons why it's important for an OPC tunneling solution to support fully configurable TCP ports for transferring your data.

TCP Ports and OPC TunnelingI'm sure you're starting to see a common thread in this series of blog posts - DCOM is painful for many reasons, which is why an alternative is so desirable.  Port usage and flexibility comes into play as a result.  OPC relies on the Microsoft RCP service which uses Port 135.  OPC Tunneling solutions rely on TCP socket connections between machines to transfer your process data.

But why does that matter?  Cyber hackers also like to make use of TCP ports when designing attacks to exploit the vulnerabilities of a system.  So having the ability to choose less frequently utilized TCP ports can minimize the chances that a cyber attack would be successful.

Properly designed OPC tunneling software greatly contributes to cyber security in the following ways:

  1. Tunneling doesn't rely on DCOM TCP/IP port 135

    DCOM has no configurability when it comes to what TCP port will be used for a remote connection.  Since DCOM relies on Microsoft RPC services, Port 135 is always used, as well as some other ports needing to be open for communications.  As such, cyber hackers are fully aware of Port 135 and its vulnerability, making any connections that are not behind a firewall extremely risky.

  2. Poorly designed OPC tunnels might hard code the TCP/IP port

    Not much better than a remote DCOM connection is an OPC tunnel connection where the TCP port used for the tunnel is hard coded.  Considering that the tunnel vendor would have to document which TCP port is being used for their tunnel connection, all a hacker would need to do is access the software product manual to determine which port to attack.

  3. Fully selectable TCP/IP ports provides the ultimate flexibility for your IT department

    A well-designed OPC tunnel solution provides fully configurable TCP port settings for the tunnel connection.  This allows you to work with your IT department to determine which TCP port works the best for your network architecture.  Since you can define any TCP port, this makes it possible to select a port that isn't widely used and is much less likely to be the target of a cyber attack.  Selectable TCP ports also allow you to avoid duplicate port usage in your system.

Before purchasing a tunneler, make sure it allows you to configure the TCP port to be used for the tunnel connection.  To reiterate from our other posts, choosing an effective tunneler that takes into account your application requirements will make a big difference in your operational effectiveness, resiliency, and profitability, as well as network security. Learn about the other reasons in the free whitepaper “25 Considerations when choosing a tunneling solution”.

Download Free Whitepaper

Win Worrall
Written by Win Worrall

Software Toolbox Technical Blog

We're engineers like you, so this blog focuses on "How to" appnotes, videos, tech team tips, product update announcements, user case studies, and other technical updates.  Subscribe to updates below. Your feedback and questions on posts are always welcomed - just use the area at the bottom of any post.

Subscribe to our Blog

Recent Posts

Posts by Topic

See all