What do I have to know to implement OPC Security?

For many users securely deploying OPC applications can be a challenge for many engineers and technicians.  Even though classic OPC is an open technology and based on Microsoft technology, implementers still often end up looking through a lot of detailed information trying to answer even basic OPC security questions.

 

The first line of defend is properly configuring the DCOM permissions of the system.  These can be found in the following whitepaper:

Configuring COM/DCOM for Windows XP SP2 or 2003 SP1

 

The next consideration in having a secure OPC system is the granularity of access that you need. The security permissions for communication between OPC Client and Servers rely on your Windows security model and therefore invokes an “all-or-nothing” permission ideology. When you use the Microsoft DCOM configuration tool to grant your OPC Clients access to the OPC Server information, you are effectually allowing this Client tool full control of your system. For those that want to restrict client access on a ‘need-to-know’ basis, should take a look at the webcast:

Bulletproof OPC Security in 30 Minutes General

As OPC moves forward with OPC UA, the security options used in classic OPC integrate as part of the overall  security system.  For more on OPC UA and Security see the whitepaper:

OPC UA Security: Do You Have Reservations?