Cybersecurity

General

exOS allows the integration of Linux-based software with the Automation Runtime system. From the machine automation perspective, an exOS system is one system that is split into modules running on different operating systems. The software running on Linux is therefore considered an integral part of the whole machine automation, and it is physically located together with the Automation Runtime system (hypervisor system).

 

Hypervisor setup

In the hypervisor setup, both operating systems are executed on a single hardware platform. The interconnection between the two systems is established internally via a shared memory interface. From a security perspective, any data transfer between Automation Runtime and Linux therefore stays inside a single host and is not exposed to the outside world, e.g. via an Ethernet network interface.

 

Simulation setup

In the simulation setup, Automation Runtime runs on a PLC, while Linux runs either on a dedicated simulation PC (virtual machine) or in a Linux subsystem of the development PC (Windows Subsystem for Linux). The interconnection between the two systems is established via a virtual Ethernet network interface. For security reasons, this connection shall be point-to-point, i.e. equivalent to a direct cable between the PLC and the PC. This network shall not be bridged to any physical network, because everything that can reach the bridged network would then also reach the PLC link.
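A check for the point-to-point requirement above, added here as an example and not part of the exOS documentation or installer: a POSIX shell function that inspects the Linux side of the simulation link in sysfs and procfs and fails if the interface is a bridge, is enslaved to a bridge/bond, or if the host has IP forwarding enabled (which joins the PLC link to the other networks of the PC just as effectively as a bridge does). The interface name `eth1` and the sysfs/procfs roots are parameters so the function can be run against a constructed directory tree; the name is an assumption.

```shell
#!/bin/sh
# Added example (not exOS code): sanity-check that the Linux interface facing
# the PLC is a plain point-to-point link.
#
# Usage: exos_link_check <ifname> [sysfs_root] [procfs_root]
#   exit 0  interface looks like a point-to-point link
#   exit 1  bridge, enslavement or IP forwarding could expose the PLC link
#   exit 2  interface does not exist
exos_link_check() {
    elc_if=$1
    elc_sys=${2:-/sys}     # overridable so the check can run on a fake tree
    elc_proc=${3:-/proc}
    elc_dev="$elc_sys/class/net/$elc_if"
    elc_rc=0

    if [ ! -d "$elc_dev" ]; then
        echo "FAIL: $elc_if not found under $elc_sys/class/net"
        return 2
    fi

    # An interface that is itself a bridge has a 'bridge' directory in sysfs.
    if [ -d "$elc_dev/bridge" ]; then
        echo "FAIL: $elc_if is a bridge device, not a point-to-point link"
        elc_rc=1
    fi

    # A bridge port has a 'brport' directory; any enslaved interface
    # (bridge, bond, team) has a 'master' symlink to the master device.
    if [ -d "$elc_dev/brport" ] || [ -h "$elc_dev/master" ]; then
        elc_master=$(basename "$(readlink "$elc_dev/master" 2>/dev/null || echo unknown)")
        echo "FAIL: $elc_if is enslaved to $elc_master"
        elc_rc=1
    fi

    # Bridging is not the only way to join the PLC link to another network:
    # with forwarding enabled, Linux routes between the PLC link and every
    # other interface of the PC.
    for elc_f in ipv4/ip_forward ipv6/conf/all/forwarding; do
        elc_val=$(cat "$elc_proc/sys/net/$elc_f" 2>/dev/null || echo 0)
        if [ "$elc_val" != "0" ]; then
            echo "FAIL: net/$elc_f=$elc_val, Linux may route PLC traffic to other networks"
            elc_rc=1
        fi
    done

    # Promiscuous mode means something (a sniffer, a virtual switch) reads all
    # frames on the link. 'flags' is a hex bitmask; IFF_PROMISC is 0x100.
    elc_flags=$(cat "$elc_dev/flags" 2>/dev/null || echo 0x0)
    if [ $(( elc_flags & 0x100 )) -ne 0 ]; then
        echo "WARN: $elc_if is in promiscuous mode"
    fi

    [ "$elc_rc" -eq 0 ] && echo "OK: $elc_if looks like a point-to-point link"
    return "$elc_rc"
}

# On the simulation PC: exos_link_check eth1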

 

Security analysis

Potential security risks

The exOS server does not offer user authentication or encryption; anyone who can reach the exOS server over the network may therefore connect via OPC UA and interact with the Linux system.

The exOS server runs with root privileges in order to allow package installation (e.g. via dpkg).

All exOS Linux programs run as the same user as the exOS server. Individual user account management is not possible.

exOS Linux programs are executed with root privileges in order to grant customers full access and flexibility on the Linux system (e.g. to access external hardware).

 

Measures taken by exOS

On the Linux system, exOS requires the installation of server components, while the Automation Runtime system acts as a client. During the installation of the exOS server package, the user has to select the (physical) network interface to which these server components shall be bound. The required ports are then opened in the firewall on that interface only.

The ports used are:

4840/tcp (opc.tcp): fixed port number

*/tcp (exOS binary): configurable in Automation Studio, one port per data connection

The system administrator may therefore block all incoming traffic on all network interfaces via a firewall; exOS traffic still gets through, but only on the selected interface. Note that the firewall only limits where the ports are reachable from. It does not add authentication, so any host on the selected interface still gets the unauthenticated, root-level access described under the potential security risks.
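The firewall policy described above, and the recommendation further down that a firewall deny all unauthorized access whenever a physical port of the PC is connected to another network, as an added example that is not the exOS installer's own logic: a POSIX shell function emits an nftables ruleset with a default-drop input chain that accepts 4840/tcp and the configured binary ports only on the selected interface, and a second function audits an existing ruleset (e.g. the output of `nft list ruleset`) for an exOS port that is accepted without an interface restriction. The interface name `eth1` and the binary ports 5000 and 5001 are assumptions.

```shell
#!/bin/sh
# Added example (not exOS code): generate and audit the nftables policy for
# the exOS ports. Port 4840 is the fixed OPC UA port; the other ports are the
# exOS binary ports configured in Automation Studio (assumed here).

# Usage: exos_nft_ruleset <iface> <port> [port...]
# Prints an nftables ruleset to stdout; returns 1 on invalid input.
exos_nft_ruleset() {
    enr_if=$1; shift
    case "$enr_if" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface name: '$enr_if'" >&2; return 1 ;;
    esac
    enr_ports=""
    for enr_p in "$@"; do
        case "$enr_p" in
            ''|*[!0-9]*) echo "invalid port: '$enr_p'" >&2; return 1 ;;
        esac
        [ "$enr_p" -ge 1 ] && [ "$enr_p" -le 65535 ] || { echo "port out of range: $enr_p" >&2; return 1; }
        enr_ports="${enr_ports:+$enr_ports, }$enr_p"
    done
    [ -n "$enr_ports" ] || { echo "no ports given" >&2; return 1; }
    cat <<EOF
table inet exos {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        # IPv6 neighbour discovery must still work if IPv6 is used on the link
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
        # exOS: OPC UA (4840) and the configured binary data ports, only on $enr_if
        iifname "$enr_if" tcp dport { $enr_ports } accept
        # everything else, on every interface (ping included), is dropped by the policy
    }
}
EOF
}

# Usage: exos_nft_audit <port> [port...]  < ruleset-text
# Flags every accept rule for one of the given ports that carries no
# iif/iifname match; returns 1 if such a rule exists, 0 otherwise.
exos_nft_audit() {
    ena_rc=0
    while IFS= read -r ena_line; do
        case "$ena_line" in
            *accept*) ;;
            *) continue ;;
        esac
        case "$ena_line" in
            *iifname*|*"iif "*) continue ;;   # restricted to an interface: fine
        esac
        # normalise "{ 4840, 5000 }" and "4840" into space-separated tokens
        ena_norm=$(printf '%s' "$ena_line" | tr '{},' '   ')
        case " $ena_norm " in
            *" dport "*) ;;
            *) continue ;;
        esac
        ena_ports=${ena_norm#*dport}
        ena_ports=${ena_ports%%accept*}
        for ena_p in "$@"; do
            case " $ena_ports " in
                *" $ena_p "*)
                    echo "LEAK: port $ena_p accepted on every interface: $ena_line"
                    ena_rc=1 ;;
            esac
        done
    done
    return $ena_rc
}

# Apply and verify on the Linux system (assumed interface and binary ports):
#   exos_nft_ruleset eth1 4840 5000 5001 | sudo nft -f -
#   sudo nft list ruleset | exos_nft_audit 4840 5000 5001
```

The generator refuses interface names and ports it cannot validate, so a value copied from a configuration file cannot inject extra rules into the heredoc. The audit is a text heuristic over the normalised `nft list ruleset` output; it catches the common mistake of opening an exOS port on all interfaces, not every possible way of exposing it (e.g. a DNAT in a separate table).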

 

Measures recommended for operating an exOS system

The hardware hosting the exOS environment (i.e. the PC with the hypervisor setup) shall be located inside a locked cabinet, so that only authorized staff can get physical access to it.

If any physical network port of the PC is connected to another network, a firewall shall be in place that denies all unauthorized access.

Only exOS Packages coming from a trustworthy source shall be included in the Automation Studio project.

For an exhaustive security analysis of an installation, the setup has to be evaluated in its final operating environment.