beautypg.com

BECKHOFF IPC-Security User Manual

Page 31

background image

Remote Desktop Protocol (RDP) and communication encryption

When making a RDP connection to a Windows 7 computer, this computer creates a self-signed certificate
used for Transport Layer Security (TLS). This allows data to be encrypted between RDP client and RDP
server. However, RDP uses a self-signed certificate by default. To use own certificates for RDP, please take
a look at [9].

Select which user accounts are enabled for RDP

By default, the local Administrator account is enabled to access the Controller via RDP. This is also why you
should change the default password as soon as possible. If you don’t need RDP, you should switch it off.
You should also specify which local user accounts should be able to access a computer via RDP. If possible,
create a separate user account for RDP access and give it exclusive rights for RDP. Please consult chapter
A.4.3.17 to see how RDP can be configured.

5.2.2.4. Network encryption

IPSec enables you to secure your IP-based network communication with regard to the security principles
Authentication, Encryption and Data integrity. IPSec is being primarily used in VPN environments but can
also be used to establish a secure channel between two internal computers. IPSec is an end-to-end se-
curity scheme which operates on layer 3 of the OSI model. This is also a main advantage of IPSec over
other security mechanisms (like SSL, TLS, SSH, etc.) because due to this, applications do not need to be
specifically designed to use IPSec. To them it just seems to be a normal IP communication. The IPSec
configuration in Windows XP consists of two parts: a Server and a Client. Let’s assume that your Controller
should be configured as the IPSec Server and a desktop computer running Windows XP as the IPSec Client.
Because the configuration of IPSec can be very bulky and can contain hundreds of different scenarios and
settings, only a basic example will be given. This example secures the network communication between a
desktop computer and the PLC Controller and is illustrated in the picture below. For more information on
IPSec please consult the Microsoft Developer Network (MSDN). As a prerequisite, both devices need to be
reachable via an IP-based network.

IPC Security

31