Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC PUBLIC - 5058-CO900G L03 - Design, Implement, and Manage FactoryTalk Security.

Published byEdgar Lynch Modified over 8 years ago

Similar presentations

Presentation on theme: "Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC PUBLIC - 5058-CO900G L03 - Design, Implement, and Manage FactoryTalk Security."— Presentation transcript:

1

2 Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC PUBLIC - 5058-CO900G L03 - Design, Implement, and Manage FactoryTalk Security

3 Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC User Roles (FT groups or Windows groups) User Accounts (FT users or Windows users) Computers and Computer Groups System Policies (plant wide) Product Policies Controllers to be secured Secure Controllers by Area (resource groups) Background: What is FactoryTalk Security ? Use FactoryTalk Security to… Manage the insider threat by authenticating the user and authorizing the use of Rockwell Automation software applications to access automation devices How does it work? Provides a security authority to verify identity of each user and grants or deny user's requests to perform a particular set of actions on resources within the system. (Step 1) Request Access (Step 2) Access Granted or Denied Security Authority (FactoryTalk Directory) (All FactoryTalk Security enabled software) (Step 3 - optional) Authorize access to specific devices 2

4 Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC Let’s Learn about Fred Creating User Accounts 3 “Fred”; user name and PW

5 Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC Let’s Learn about Fred FactoryTalk System Policies 4 “Fred’s” PW expires in 30 days

6 Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC Let’s Learn about Fred Assigning Users to a Group or Role 5 “Fred” is an Engineer

7 Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC Let’s Learn about Fred Assign FactoryTalk Software Permissions 6 “Fred” can use Logix Designer

8 Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC Let’s Learn about Fred Assign Groups or Roles Permissions 7 Engineers can Modify AOI’s

9 Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC Let’s Learn about Fred Resource Assignment to Areas of Applications 8 Finally; “Fred” is an Engineer who can Modify AOI’s on all controllers in “Area2”

10 Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC FactoryTalk Security in Logix Controllers Using the Security Authority Identifier (SAID)  With FactoryTalk Services Platform SR5 and Logix V20 (and later)  Configures Logix Controllers to require that all users be authenticated from a specific instance of the FactoryTalk Directory before they can access the controller (Security Authority Identifier)  Security Authority Identifier gets stored in the project (“project binding”) – secures the offline file Anyone working on a project (on-line or off-line) with the “Security Authority ID required” box checked… Is first required to “Log On” ….. … using the FactoryTalk Directory used to secure the project 9

11 Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC Backing up the SAID  Use the FactoryTalk Administration Console, the Security Authority Identifier can be…  Encrypted with a passphrase or password to allow for secure backup copies (disaster recovery)  Allows secure duplication and distribution to allow multiple FTDirectories to share the same ID !  Can be used to replace the CPU Lock functionality that was deprecated in v20 The Security Authority Identifier looks like this 10

12 Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC Secure Slot for Communications Copyri ght © 2011 Rockw ell Autom ation, Inc. All rights reserv ed.

13 Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC 12 Pick and Choose: Data Access Control  Users can assign External Access settings of Read/Write, Read Only, or None to tags  Useful to control which tags can be modified from an HMI or other external application  A cryptographically licensed trusted connection is established between RSLogix TM 5000 and the Logix controller  Ensures the “External Access” attribute can only by changed by RSLogix 5000  “Who” can use RSLogix 5000 to change this attribute controlled by FactoryTalk ® Security  Users can also define tags as Constants  Constants can not be modified by controller logic Improves security of tags especially when used in conjunction with FactoryTalk ® Security

14 Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC 13 Pick and Choose: FactoryTalk View SE Security  FactoryTalk View SE Security can be applied to:  Displays

15 Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC 14 Pick and Choose: FactoryTalk View SE Security  FactoryTalk View SE Security can be applied to:  Displays  Objects

16 Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC 15 Pick and Choose: FactoryTalk View SE Security  FactoryTalk View SE Security can be applied to:  Displays  Objects  Applications

17 Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC Pick and Choose: ControlLogix Real-Time Change Detection  Real-time monitoring of ControlLogix V20 or higher for changes via “Audit Value”  On Detect will get activities via controller “Change Log”  On Detect complete will consolidate all activities in a Report via Event Log  Will detect Rogue changes  Optionally can send to Audit log as well 16

18 Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC Pick and Choose: FactoryTalk AssetCentre Audit / Change Reporting  Search FactoryTalk AssetCentre  Events  Audits  Archive history  Schedule a Report or “Run Now”  Email reports per a Schedule  Examples  Search audit log for changes made during last four hours to a specific asset that has failed  Search archive history to determine what files a user has modified during last month  Search event logs for upload tasks that failed  Search audit log at the end of every shift for any forces or empty branches to improve plant-floor safety 17

19 Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC Lab Layout - Sections 1.FactoryTalk Overview: Everyone Must Complete 2.Deploy Initial RSLogix Project to Controller: Everyone Must Complete 3.Securing RSLogix 5000: Everyone Must Complete 4.FactoryTalk View SE Security: Pick & Choose 5.Securing Controller Data & Access: Pick & Choose 6.Protecting RSLogix 5000 Source Code: Pick & Choose 7.Real-Time Change Management for ControlLogix: Pick & Choose 18 Main Sections of the Lab:

20 Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC Lab Layout - Sections 1.FactoryTalk Overview: Everyone Must Complete 2.Deploy Initial RSLogix Project to Controller: Everyone Must Complete 3.Securing RSLogix 5000: Everyone Must Complete 4.FactoryTalk View SE Security: Pick & Choose 5.Securing Controller Data & Access: Pick & Choose 6.Protecting RSLogix 5000 Source Code: Pick & Choose 7.Real-Time Change Management for ControlLogix: Pick & Choose 19 Main Sections of the Lab:

Download ppt "Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC PUBLIC - 5058-CO900G L03 - Design, Implement, and Manage FactoryTalk Security."

Similar presentations

Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
15.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.

15.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 4 Installing and Configuring the Dynamic Host Configuration Protocol.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 4 Installing and Configuring the Dynamic Host Configuration Protocol.
11 CONFIGURING AND MANAGING SHARED FOLDER SECURITY Chapter 8.

11 CONFIGURING AND MANAGING SHARED FOLDER SECURITY Chapter 8.
Module 4: Implementing User, Group, and Computer Accounts

Module 4: Implementing User, Group, and Computer Accounts
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Information Security Policies and Standards

Information Security Policies and Standards
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Administering Active Directory

Administering Active Directory
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC PUBLIC - 5058-CO900G Rockwell Software® Studio 5000® and Logix Basics Lab.

Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC PUBLIC CO900G Rockwell Software® Studio 5000® and Logix Basics Lab.
Understanding Active Directory

Understanding Active Directory
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

Similar presentations

Ads by Google