| Server protocols | Transport | Port |
|---|---|---|
| FTPS | TCP | 21 |
| HTTPS | TCP | 443 |
| OPC UA | TCP | 4840 |
| Encrypted communication between engineering software and PLC | TCP | 11740 |
| Custom TCP protocols secured by TLS | TCP | User defined |
| DNP3 outstation with SAv5 | TCP | 20000 |

| Client protocols | Transport | Port |
|---|---|---|
| MQTT | TCP | Src port: random; Dst port: user defined |
| OPC UA | TCP | Src port: random; Dst port: user defined |
| Custom TCP protocols secured by TLS | TCP | Src port: random; Dst port: user defined |
All the certificates for the different protocols can be handled in the security screen, marked with its icon in the status bar, or via the “View” menu. The default ports can be changed in the settings.
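As an added example (not part of the AC500 documentation), the following script checks a list of TCP ports observed listening on a PLC against the server-protocol table above, flagging plaintext services that the page says should be replaced by their TLS variant and ports the table does not document. The baseline values come from the table; the observed port list and the user-defined TLS port 5000 are constructed.

```python
# Added example: audit observed listening ports against the AC500 server table.
# Baseline ports are taken from the documentation table; everything else is
# constructed sample data, not output from a real PLC.

# TLS-secured server protocols (inbound to the PLC) listed on the page.
AC500_SECURE_SERVERS = {
    443: "HTTPS",
    4840: "OPC UA",
    11740: "Encrypted communication between engineering software and PLC",
    20000: "DNP3 outstation with SAv5",
}

# Plaintext protocols the page mentions and the secured alternative to prefer.
PLAINTEXT_ALTERNATIVES = {
    80: ("HTTP", "HTTPS on TCP 443"),
}


def audit_listening_ports(observed_ports, user_defined_tls_ports=frozenset()):
    """Classify each observed TCP port.

    Returns a sorted list of (port, status, detail) tuples where status is
    'expected', 'verify-tls', 'plaintext' or 'undocumented'.
    """
    findings = []
    for port in sorted(set(observed_ports)):
        if port == 21:
            # FTP and FTPS share port 21, so the port alone cannot prove
            # that the encrypted variant is the one actually enabled.
            findings.append((port, "verify-tls",
                             "FTP and FTPS share port 21; confirm FTPS is enforced"))
        elif port in AC500_SECURE_SERVERS:
            findings.append((port, "expected", AC500_SECURE_SERVERS[port]))
        elif port in PLAINTEXT_ALTERNATIVES:
            name, alternative = PLAINTEXT_ALTERNATIVES[port]
            findings.append((port, "plaintext", f"{name}; prefer {alternative}"))
        elif port in user_defined_tls_ports:
            findings.append((port, "expected",
                             "custom TCP protocol secured by TLS (user defined)"))
        else:
            findings.append((port, "undocumented",
                             "not in the AC500 server protocol table; investigate"))
    return findings


def needs_attention(findings):
    """Return only the findings that are not an expected secured service."""
    return [f for f in findings if f[1] != "expected"]


SAMPLE_SCAN = [80, 443, 21, 4840, 11740, 5000, 20000]  # constructed input

if __name__ == "__main__":
    for port, status, detail in audit_listening_ports(SAMPLE_SCAN, {5000}):
        print(f"{port:>5}  {status:<12} {detail}")
```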
FTP and FTPS
File Transfer Protocol (FTP) and File Transfer Protocol Secure (FTPS) are used for transferring files between devices. The AC500 can act as FTP server in this case.
An FTP client can open an FTP session and can store and retrieve files to and from the FTP server (AC500). Focus applications are large monitoring and diagnosis networks, where e.g. thousands of plants have to independently send their data to servers and may fetch files containing updates, commands, etc. In case of FTPS, a certificate must be installed on the PLC.
FTP Vulnerabilities
FTP uses unencrypted data transfer and, hence, user credentials and file contents can be eavesdropped on. FTPS requires a certificate inside the PLC and should be preferred.
HTTP and HTTPS
Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS) are used to request information from a server or send information to the client.
By default, HTTP uses TCP port 80 and HTTPS uses TCP port 443.
HTTPS transmits HTTP telegrams with encryption, commonly using TLS or SSL. The AC500 uses a webserver for the web visualization. Both protocols HTTP and HTTPS are supported. In case of HTTPS, a certificate must be installed on the PLC.
OPC UA
OPC UA (Open Platform Communications Unified Architecture) is a collection of standards for communication and data exchange in the field of industrial automation. OPC UA describes both the transport of machine-to-machine data and interfaces and the semantics of data. The complete architecture is service-oriented.
The AC500 supports TLS for secure OPC UA communication. This also requires a certificate on the PLC, as well as a client certificate that must likewise be stored on the PLC.
Security screen
Use the security screen in Automation Builder to activate the use of certificates and encrypted communication.
More information about protocol vulnerabilities and recommendations on how to reduce risks can be found in the white paper "AC500 cyber security".