When developing SCADA and HMI applications for deployment, it is critical to utilize best practices for security. This is particularly important for applications that may be exposed to the web or other networks.
We strongly encourage you to implement more secure deployment practices, as well as other security measures such as ensuring that your version of InduSoft Web Studio is the most recent version. The current version of InduSoft Web Studio will include patches for all known vulnerabilities. You can review and download the most recent version of InduSoft Web Studio here (must be logged in to your InduSoft account).
Security Settings – For all projects, we recommend you enable the project security system and set a password for the default Guest user, regardless of any other users or groups you create. We also recommend you enable security in the Remote Agent, if the project is running remotely.
TCP/IP Server Runtime – The TCP/IP Server (a.k.a. the Data Server) allows some client processes to access your project database. These client processes include: the local Viewer module, the Mobile Access Runtime, Secure Viewer / Web Thin Client, remote debugging tools, and other projects that have a TCP/IP Client worksheet configured. If you are not using any of these client processes and your project is running as a “headless” system, it is very important to ensure the TCP/IP Server Runtime task in your project runtime is stopped.
- If you cannot stop the TCP/IP Server Runtime task, make sure your project is running on a private network that is logically separated from the Internet.
- If you cannot run your project on a private network, configure your network gateway to block ports 1234 and 51234 and then use Mobile Access or Web Tunneling Gateway to control access to your project.
- If you cannot block these ports, it is imperative to configure strong security settings for users and guests, with strong passwords.