Communication with the controller connected in the CODESYS project should be protected against unauthorized access in the following ways:
-
Enabling user management: simple or group-based
-
Certificate-based encryption of communication with the controller
Enabling the security features
First switch the communication to encryption so that you do not reveal any credentials to other participants in the network when transferring the user management.
Enforcing encrypted communication
-
On the controller:
-
Runtime version >= 3.5 SP14: Encryption can be enabled for “Communication Policy” and enforced for all clients.
-
-
In CODESYS:
-
Encrypted communication can be selected as an option in the device editor on the “Communication Settings” tab (command or “Change Communication Policy” dialog) or in the “Security Screen” view.
See the current help regarding this:
⮫ “Encrypting Communication, Changing Security Settings”
If the CODESYS Security Agent is installed, then see the help for CODESYS Security Agent.
-
Enforcing a user management
-
On the controller:
-
Runtime version >= 3.5 SP17: User management is enforced by default for “Communication Policy”.
Note: For enabling the user management, at least a CODESYS development system V3.5 SP16 is necessary. This means that, in the case of enforced user management which has not been enabled yet, you cannot connect to an older development system.
-
-
In CODESYS:
-
See the current help regarding this:
-