Secure Software (by Design): Is that possible? Part 3
The basic architecture of the software already supports the implementation of modern security concepts.
The zenon Product Family has consistently used a service-orientated architecture. These Windows services take on the communication between the individual applications or application layers as defined and documented interfaces. The person in charge of IT or security therefore always has a defined interface landscape through which zenon automation systems can be addressed from outside. Unwanted surprises are avoided. If it is a critical system, the communication ports can be deactivated or protected by using firewalls for example.
For example, it is possible to open the logging server to other selected systems for analysis, while the actual productive system remains protected behind a firewall. Only the logging service exchanges data between the two systems. This way, it is possible to create “isolated sections” in the infrastructure that can be used to influence which security mechanisms remain “hidden”. Direct access to the core system is made considerably more difficult.
However, if a protected product system is attacked despite all the precautions, only the known services and ports are available to the hacker at first. Should these ports be closed down or made to crash, the actual productive system, for example the automation server, is not affected by this. Production can continue without restrictions and more importantly without data loss.
As a result of the targeted use of new technologies and a security concept that is integrated directly into the development processes and with an intelligent and flexible software architecture, IT experts are enabled to be in a position to design and implement secure systems.