4 Threats
Security threats applicable to networked systems include:
•
Unauthorised Access
•
Communications Snooping
•
Viruses and other malicious software agents
4.1 Unauthorised access
This threat includes physical access to the controller and intrusion into the network to which TPPR system is connected,
from the business network / intranet or the Internet.
Unauthorized external access can result in:
•
Loss of system availability
•
Incorrect execution of controls causing damage to the building, incorrect operation, or spurious alarms
•
Theft or damage of its contents
•
The capture, modification, or deletion of data
•
Loss of reputation if the external access becomes public knowledge
Unauthorised access to the system can result from:
•
Lack of security of user name and password credentials
•
Uncontrolled access to the controller
•
Uncontrolled access to the network and network traffic
4.2 Communications snooping
This threat includes snooping on or tampering with the Ethernet communication link on port 4000 (remote configuration port)
while the port is enabled, by means of man-in-the-middle, packet replay or similar methods.
Tampering with the communication link can result in:
•
Loss of system availability
•
Incorrect configuration and so incorrect execution of TPPR safety function
•
The capture, modification, or deletion of data
The configuration port is open when the PC Configuration tool is in use, and for initial setup and maintenance of the
Webserver utility.
The configuration port can only be opened by users having physical access to the controller and suitable login credentials.
The configuration port is time limited and cannot be left open when not in use.
4.3 Viruses and other malicious software agents
This threat encompasses malicious software agents such as viruses, spyware (trojans), and worms. These may be present:
•
On a PC which is used for PC Configuration Software
•
On PCs from which TPPR web interface is accessed using web clients
•
On any other nodes of the network to which TPPR system is connected
The intrusion of malicious software agents can result in:
•
Performance degradation
•
Loss of system availability
•
The capture, modification, or deletion of data, including configuration data and device logs
Viruses can be transmitted by media such as USB memory devices and SD cards, from other infected systems on the
network, and from infected or malicious Internet sites.
Pt. No. 2400M2567_1
THREATS
7
Touchpoint Pro
Security Guide