Jump to content

Recommended Posts

I have been tasked with developing a centralized server that will communicate with many Samba PLCs around the world. Specifically, I need to ensure that the server can contact any PLC and 1) get a copy of the current values or 2) instruct the PLC to change a value. I want to ensure that the PLCs only communicate with the server, no other computers.

The data itself is not considered secret, so the fact that VisiLogic does not appear to offer encryption is not a problem. But, it is critical that only the server be allowed to update PLC values. It is simply unacceptable that another person could connect and update values, even if it would take quite the effort to accomplish that goal. Is there any way to ensure that the PLC's will only respond to requests/instructions from our centralized server? If I send a password, as a message, that password would not be encrypted, so others could see and use it. Is there anyway to securely connect to a Samba PLC, using VisiLogic? The server will know the PLC name and the IP Address, but once again, this would be transmitted unencrypted. Is there a way to program the PLC's to only accept connections from certain IP Addresses? 

In summary, I want to ensure that the PLCs will listen for communication from our server, they will send current values when requested, they will update their values when told, and they will ignore any requests from others. Is this possible?

Any suggestions are greatly appreciated.

 

Share this post


Link to post
Share on other sites

Security like that is not built in to Unitronics, as you've concluded.

One thing I've done is to roll my own authentication code based on a collection of mathematical operations.  Each Unitronics PLC with Ethernet has a unique MAC address located in SDW 22 and 23.  You could keep track of these in your server an create a code to send along with your data.  Put logic in that matches the reverse of your math operations and use the result to verfiy the proper data origin.

You have not given the details of communication.  If you are going through the Internet, there are already many security methods available to clamp down on unauthorized data transmissions.  This may be a better question for a good IT person.

Joe T.

  • Upvote 2

Share this post


Link to post
Share on other sites

Joe,

Thank you for your response. I did not know that I would have access to the MAC address, that is very helpful to know. I will create a basic encryption algorithm, utilizing the MAC address and other information to verify before performing any operations. That should be sufficient security.

Thanks again,

Tim J. 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...