The recommended security measures for the CODESYS application are described here.
CODESYS project:
- Encrypt the project with a password or a dongle.
- Integrate user administration into the project.
Network:
- Network separation of control level and office level.
- To minimize the risk of data security breaches, we recommend the following organizational and technical measures for the system on which your applications run: As far as possible, avoid exposing the PLC and control networks to open networks and the Internet. For protection, use additional security layers such as a VPN for remote access and install firewall mechanisms. Restrict access to authorized persons, change any existing standard passwords during initial commissioning and continue to do so regularly.
Device:
- Integrate User Administration.
- Disable unused services (FTP, FileServer, WebVisu, etc.).
- If applicable, deactivate script execution via USB stick / SD card (see system manual).
TargetVisu, WebVisu:
- If applicable, use User Administration.
- If applicable, use SSL.
Ports (USB, SD, etc.):
- Do not leave unused ports accessible.
- Restrict use of ports to the application.
Used Network Ports:

| Ports | Usage | Configurable |
|---|---|---|
| 1740 – 1743 | UDP Runtime communication | No |
| 11740 | TCP Runtime communication | Yes |
| 1217 | TCP Gateway communication | Yes |
| 8080 | CODESYS WebServer | Yes |
| 443 | CODESYS WebServer (SSL) | Yes |
| 4840 | CODESYS OPC UA Server | Yes |
| 8000 | KCHWebServer communication | Yes |
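
As an added example (not part of the original documentation or of any CODESYS tooling), the following Python code checks a controller's listening sockets against the port table above and reports table services that are listening but not needed by the application, in support of the "disable unused services" measure. It assumes a Linux-based controller where `ss -tuln` output is available; the sample output, the `REQUIRED` set and all function names are constructed for illustration.

```python
# Added example: ports/services are from the table above; the `ss` sample and
# REQUIRED set are constructed assumptions. Configurable ports may differ on
# a given device, so adjust CODESYS_PORTS to the values actually configured.
CODESYS_PORTS = {("udp", p): "Runtime communication" for p in range(1740, 1744)}
CODESYS_PORTS.update({
    ("tcp", 11740): "Runtime communication",
    ("tcp", 1217): "Gateway communication",
    ("tcp", 8080): "CODESYS WebServer",
    ("tcp", 443): "CODESYS WebServer (SSL)",
    ("tcp", 4840): "CODESYS OPC UA Server",
    ("tcp", 8000): "KCHWebServer communication",
})
LOOPBACK = ("127.", "[::1]")

# Constructed sample of `ss -tuln` output (not captured from a real device).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:1740       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:11740      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*
tcp   LISTEN 0      128    [::]:443           [::]:*
tcp   LISTEN 0      5      127.0.0.1:4840     0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
"""
# Hypothetical: services this particular application actually needs.
REQUIRED = {("udp", 1740), ("tcp", 11740), ("tcp", 443)}

def parse_listeners(ss_output):
    """Yield (proto, address, port) for each tcp/udp socket line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # skips the header and unrelated lines
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], addr, int(port)

def audit(ss_output, required):
    """Return table services that are listening but not required."""
    findings = set()
    for proto, addr, port in parse_listeners(ss_output):
        service = CODESYS_PORTS.get((proto, port))
        if service is None or (proto, port) in required:
            continue
        scope = "local only" if addr.startswith(LOOPBACK) else "network-reachable"
        findings.add((proto, port, service, scope))
    return sorted(findings)

if __name__ == "__main__":
    for proto, port, service, scope in audit(SAMPLE, REQUIRED):
        print(f"{proto}/{port} {service}: listening ({scope}) but not required")
```

Listeners on ports outside the table (such as port 22 in the sample) are ignored by this check and need their own review.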