SMP Gateway User Manual • 89
13.3 Extending the SMP Gateway Security Model
The SMP Gateway security model is effective « locally »: security settings are stored in the
SMP Gateway, which is also responsible for security processes like authentication, and features
such as the firewall and VPN connections.
You may extend the SMP Gateway security model by purchasing Cybectec Security Server, which
is part of Cybectec Enterprise Solutions. The Cybectec Security Server provides a global security
model, bringing it up to the corporate level and increasing access rights control and flexibility.
Note: Cybectec Security Server’s global security model is out of the scope of this
document. For more information, contact your local COOPER Power Systems
representative.
The remaining sections of this chapter explain how to configure the SMP Gateway’s local
security.
13.4 Managing the Security Database of One or
More SMP Gateways
13.4.1 Getting Started
The following sections will take you through the steps required to customize your SMP Gateway
configuration, in order to meet the security policy of your particular organization. To create a
secured system, you need to build a database describing allowed users’ name, their password and
how many password errors they are allowed to make before being locked out. Every company has
its own security criteria and the Cybectec software lets you configure it accordingly. When the
database is built and security is turned on, only the users in the list will be allowed to access the
gateway.
After setting up the authentication policy, establish a VPN connection to open a connection with
the SMP Gateway before installing a firewall. Then, you should set up a firewall. A firewall is a
system that blocks all communications from outside the company’s secured network. It protects
the system against intrusion, and especially against unwanted access. Once the firewall is in place,
you can then allow access for the IP addresses of the SCADA and other such systems to specific
TCP services (ports).
Additionally, the SMP Gateway’s built-in security does not allow an unsigned file in: it has to be
signed by Cooper Power Systems to be allowed in the gateway. More information about this
concept is given in section “File certification and integrity checking”, page 102.
Setting up your custom security database involves the following steps:
Defining your authentication policy.
Customizing the various user groups and privileges.
Identifying your users, setting their passwords, and assigning them to user groups.
Validating and saving the security database on your PC.
To Next Page
Loading...