
DCOM Security and Configuration

Checklist for hardening OPC security

  • Last Updated: Nov 15, 2022

For a comprehensive discussion of OPC security hardening, see the Office of Electricity Delivery and Energy Reliability article http://energy.gov/oe/downloads/opc-security-whitepaper-3hardening-guidelines-opc-hosts.

General guidelines for maximizing OPC security include:

  • Disable all unnecessary services, including OPCEnum, which is not required for normal OPC interface operation.

  • Disable file and printer sharing

  • If the OPC interface and server run on the same computer, disable DCOM and remote registry access.

  • User accounts:

    • Define a low-privilege OPC users group and add only users who need OPC access

    • Define a high-privilege OPC administrators group limited to specific computers

    • Disable Guest access

    • Require robust passwords

    • Configure firewall to limit traffic to trusted computers and create a policy based on this configuration

    • Protect the Windows registry (no administrative rights for regular users, disable remote registry editing)

  • DCOM configuration:

    • Set the minimum authentication level to Packet integrity (verify that the overhead incurred does not interfere with the performance of the interface)

    • Security

      • Launch

        OPC administrator account only if the OPC server runs as a Windows service.

      • Access

        OPC administrator and OPC user accounts

      • Configuration

        OPC administrator: full control.

        OPC Users: read-only

    • Identity: Member of opcuser group

    • DCOM transport protocols: restrict to TCP
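
The machine-wide items in this checklist can be audited with a read-only script. The following is an added example, not part of the original documentation. It assumes the OPCEnum service is registered under the name OpcEnum and reads the standard Windows DCOM registry values; per-application Launch, Access and Configuration permissions and group membership are not covered and still need review in the DCOM configuration utility.

```powershell
# Read-only audit of the machine-wide settings named in the checklist.
# Run in an elevated PowerShell session on the OPC host. Nothing is modified.
$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Item, [bool]$Pass, [string]$Observed) {
    $results.Add([pscustomobject]@{ Item = $Item; Pass = $Pass; Observed = $Observed })
}

# Unnecessary services. 'OpcEnum' is the assumed service name for OPCEnum.
# RemoteRegistry applies when the OPC interface and server share one computer.
foreach ($name in 'OpcEnum', 'RemoteRegistry') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) { Add-Check "Service $name disabled" $true 'not installed'; continue }
    $ok = ($svc.StartType -eq 'Disabled') -and ($svc.Status -eq 'Stopped')
    Add-Check "Service $name disabled" $ok "$($svc.StartType)/$($svc.Status)"
}

# File and printer sharing: the ms_server component should be unbound on every adapter.
$bound = @(Get-NetAdapterBinding -ComponentID ms_server | Where-Object Enabled)
Add-Check 'File and printer sharing disabled' ($bound.Count -eq 0) "$($bound.Count) adapter(s) bound"

# Guest access: the built-in Guest account always has a SID ending in -501.
$guest = Get-LocalUser | Where-Object { $_.SID -like 'S-1-5-21-*-501' }
Add-Check 'Guest account disabled' (-not $guest.Enabled) "Enabled=$($guest.Enabled)"

# DCOM machine defaults. LegacyAuthenticationLevel 5 = Packet integrity.
# The OPC server's own AppID entry may override the machine default.
$ole = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Ole'
$level = $ole.LegacyAuthenticationLevel
Add-Check 'DCOM default authentication >= Packet integrity' `
    (($null -ne $level) -and ($level -ge 5)) "LegacyAuthenticationLevel=$level"

# Only expected to pass when the OPC interface and server run on the same computer.
Add-Check 'DCOM disabled (same-host deployments)' ($ole.EnableDCOM -eq 'N') `
    "EnableDCOM=$($ole.EnableDCOM)"

# DCOM transport protocols: only connection-oriented TCP/IP should be listed.
$rpc = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Rpc'
$protos = @($rpc.'DCOM Protocols' | Where-Object { $_ })
$tcpOnly = ($protos.Count -eq 1) -and ($protos[0] -eq 'ncacn_ip_tcp')
Add-Check 'DCOM protocols restricted to TCP' $tcpOnly ($protos -join ',')

$results | Format-Table -AutoSize
```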
