Confidentiality And Integrity; Communication Protocols; Firmware Signatures; Logging And Auditing - GE PACSystems RX3i Secure Deployment Manual

Profinet io devices

Chapter 4. Security Capabilities

4.5 Confidentiality and Integrity

Communication Protocols

Some communications protocols provide features that help protect data while it is in flight,
that is, actively moving through a network. The most common of these features include:

Encryption: Protects the confidentiality of the data being transmitted.
Message Authentication Codes: Ensure message authenticity and integrity by cryptographically
detecting message tampering or forgery. This ensures the data originated from the expected source
and was not altered since it was transmitted, regardless of whether or not the alteration was malicious.

Currently, only the Web Page Reset Password HTTPS communications provide Encryption. None of the other
communications protocols supported by PROFINET I/O Devices provide either of these features, as detailed in
the table below. Therefore, compensating controls may be required to meet an installation's security
requirements for protecting data in-flight.
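
What a message authentication code adds, shown as an added example that is not part of the GE manual: a sender appends an HMAC-SHA256 tag and a receiver rejects frames that were altered, by accident or on purpose, or built without the key. The frame layout, key, payload and the sequence-number replay check are assumptions made for illustration and go beyond what the manual describes; none of the protocols in the table works this way.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: frame = 8-byte sequence number || payload || 32-byte tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify(key: bytes, frame: bytes, last_seq: int):
    """Receiver side: return (seq, payload) if authentic and fresh, else None."""
    if len(frame) < 8 + TAG_LEN:
        return None  # too short to hold the header and the tag
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None  # altered in transit, or produced without the key
    (seq,) = struct.unpack(">Q", body[:8])
    if seq <= last_seq:
        return None  # authentic, but replayed or out of order
    return seq, body[8:]


# Constructed sample values, not taken from any real device or protocol.
KEY = bytes(range(32))
OTHER_KEY = bytes(32)
PAYLOAD = b"\x01\x10\x00\x2a"  # stand-in for an output-data record


def demo():
    frame = protect(KEY, 7, PAYLOAD)
    flipped = bytearray(frame)
    flipped[9] ^= 0x01  # single-bit change inside the payload
    return {
        "intact": verify(KEY, frame, last_seq=6),
        "bit_flip": verify(KEY, bytes(flipped), last_seq=6),
        "forged": verify(KEY, protect(OTHER_KEY, 7, PAYLOAD), last_seq=6),
        "replayed": verify(KEY, frame, last_seq=7),
        "truncated": verify(KEY, frame[:20], last_seq=6),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:9} -> {result}")
```

Only the intact frame is accepted; the same check rejects a corrupted frame and a forged one alike, which is the "regardless of whether or not it was malicious" property described above.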
Protocol-Provided Security Capabilities

Transport Medium   Protocol       Data Encryption   Message Authentication Codes
Ethernet           DCE/RPC        N                 N
Ethernet           HTTP           N                 N
Ethernet           HTTPS          Y                 N
Ethernet           PROFINET DCP   N                 N
Ethernet           PROFINET I/O   N                 N
Ethernet           MRP            N                 N
Serial             SNP Slave      N                 N

Firmware Signatures

Some PROFINET I/O Devices supplied by GE Automation & Controls may have digitally signed firmware images
to provide cryptographic assurance of the firmware's integrity. For PROFINET I/O Devices that support this
feature, a digital signature is used to verify that any firmware being loaded onto the module was supplied by
the General Electric Company, and has not been modified. If the digital signature validation fails, the new
firmware will not be installed onto the device.

Logging and Auditing

PROFINET I/O Devices supplied by GE Automation & Controls do not provide a dedicated security log
embedded within the module, nor do they integrate with an external Security Information and Event
Management (SIEM) system.

PACSystems PROFINET IO Devices Secure Deployment Guide, GFK-2904D
