ProSafe-RS Security Guide - Yokogawa

User'sManual

ProSafe-RSSecurity Guide

IM 32Q01C70-31E

IM 32Q01C70-31E4th Edition

IntroductionThis manual is a guide for implementing security measures in the ProSafe-RS system from aviewpoint of information technology (IT).It explains security models and setting details of ProSafe-RS. Please read this manual tolearn about the details of security settings.The intended readers of this manual are engineers who examine construction and operationof the ProSafe-RS system.

i

Media No. IM 32Q01C70-31E (CD) 4th Edition : Jan. 2015 (YK)All Rights Reserved Copyright © 2011, Yokogawa Electric Corporation

IM 32Q01C70-31E 4th Edition : Jan.30,2015-00

Safety Precautions for Usen Safety, Protection, and Modification of the Product

• To protect the system controlled by the Product and the Product itself and to ensure safeoperation, please observe the safety precautions described in this Manual. YokogawaElectric Corporation ("YOKOGAWA") assumes no liability for safety if users fail to observethe safety precautions and instructions when operating the Product.

• If the Product is used in a manner not specified in the User's Manuals, the protection pro-vided by the Product may be impaired.

• If any protection or safety circuit is required for the system controlled by the Product or forthe Product itself, please install it externally.

• Use only spare parts that are approved by YOKOGAWA when replacing parts or consum-ables of the Product.

• Do not use the Product and its accessories such as power cords on devices that are notapproved by YOKOGAWA. Do not use the Product and its accessories for any purposeother than those intended by YOKOGAWA.

• Modification of the Product is strictly prohibited.

• The following symbols are used in the Product and User's Manuals to indicate the accom-panying safety precautions:

Indicates that caution is required for operation. This symbol is labeled on the Prod-uct to refer the user to the User's Manuals for necessary actions or behaviors inorder to protect the operator and the equipment against dangers such as electricshock. In the User's Manuals, you will find the precautions necessary to preventphysical injury or death, which may be caused by accidents, such as electricshock resulting from operational mistakes.Identifies a protective conductor terminal. Before using the Product, you mustground the protective conductor terminal to avoid electric shock.Identifies a functional grounding terminal. A terminal marked "FG" also has thesame function. This terminal is used for grounding other than protective grounding.Before using the Product, you must ground this terminal.Indicates an AC supply.

Indicates a DC supply.Indicates the ON position of a power on/off switch.

Indicates the OFF position of a power on/off switch.

n Notes on Handling User's Manuals• Hand over the User's Manuals to your end users so that they can keep the User's Man-

uals on hand for convenient reference.

• Thoroughly read and understand the information in the User's Manuals before using theProduct.

• For the avoidance of doubt, the purpose of the User's Manuals is not to warrant that theProduct is suitable for any particular purpose but to describe the functional details of theProduct.

• Contents of the User's Manuals are subject to change without notice.

ii


• Every effort has been made to ensure the accuracy of contents in the User's Manuals.However, should you have any questions or find any errors, contact us or your local dis-tributor. The User's Manuals with unordered or missing pages will be replaced.

n Warning and Disclaimer• Except as specified in the warranty terms, YOKOGAWA shall not provide any warranty for

the Product.

• YOKOGAWA shall not be liable for any indirect or consequential loss incurred by eitherusing or not being able to use the Product.

n Notes on Software• YOKOGAWA makes no warranties, either expressed or implied, with respect to the Soft-

ware Product's merchantability or suitability for any particular purpose, except as speci-fied in the warranty terms.

• Purchase the appropriate number of licenses of the Software Product according to thenumber of computers to be used.

• No copy of the Software Product may be made for any purpose other than backup; other-wise, it is deemed as an infringement of YOKOGAWA's Intellectual Property rights.

• Keep the software medium of the Software Product in a safe place.

• No reverse engineering, reverse compiling, reverse assembling, or converting the Soft-ware Product to human-readable format may be performed for the Software Product.

• No part of the Software Product may be transferred, converted, or sublet for use by anythird-party, without prior written consent from YOKOGAWA.

iii


Documentation Conventionsn Symbols

The following symbols are used in the User's Manuals.

Identifies instructions that must be observed to avoid physicalinjury, electric shock, or death.

Identifies instructions that must be observed to prevent damageto the software or hardware, or system failures of the Product.

Identifies important information required to understand opera-tions or functions.

Identifies additional information.

Identifies referenced content.In online manuals, you can view the referenced content by click-ing the links that are in green text. However, this action does notapply to the links that are in black text.

n Typographical ConventionsThe following typographical conventions are used throughout the User's Manuals.

l Commonly Used Conventions throughout the User's Manuals• Δ Mark

Indicates that a space must be entered between character strings.Example:

.ALΔPIC010Δ-SC• Character string enclosed by braces { }

Indicates character strings that may be omitted.Example:

.PRΔTAG{Δ.sheet name}

l Conventions Used to Show Key or Button Operations• Characters enclosed by brackets [ ]

When characters are enclosed by brackets in the description of a key or button operation,it indicates a key on the keyboard, a button name in a window, or an item in a list boxdisplayed in a window.Example:

To alter the function, press the [ESC] key.

l Conventions of a User-defined Folder• User-defined folder name enclosed by parenthesis ( )

User definable path is written in a pair of parentheses.Example:

(RS Project Folder)\SCS0101

iv


If the RS Project Folder is C:\MYRSPJT, the above path becomes C:\MYRSPJTSCS0101.

n Drawing ConventionsDrawings used in the User's Manuals may be partially emphasized, simplified, or omitted forthe convenience of description.Drawings of windows may be slightly different from the actual screenshots with different set-tings or fonts. The difference does not hamper the understanding of basic functionalities andoperation and monitoring tasks.

n Integration with CENTUMThe Product can be integrated with CENTUM VP or CENTUM CS 3000. In the User's Man-uals, the integration with CENTUM VP or CENTUM CS 3000 is referred to as "Integration withCENTUM."In the User's Manuals, the explanations for integrating the Product with CENTUM VP orCENTUM CS 3000, the glossary for various features of CENTUM VP is used instead of theglossary for CENTUM CS 3000. For example, the term "CENTUM VP System Alarm View" isused instead of "CENTUM CS 3000 System Alarm window." Nevertheless, if the features forintegrating the Product with CENTUM VP and CENTUM CS 3000 are different, both featureswill be explained separately.

SEEALSO For more information about the functions and usage of CENTUM VP components for integrating the Product

with CENTUM VP, refer to:

User's Manuals (IM), Technical Information (TI), and General Specifications (GS) of CENTUM VP

For more information about the features and usage of CENTUM CS 3000 components for integrating theProduct with CENTUM CS 3000, refer to:

User's Manuals (IM), Technical Information (TI), and General Specifications (GS) of CENTUM CS 3000

n Explanation of Hardware and Software Behaviors in the User'sManuals

In the User's Manuals, system behaviors are explained assuming that the latest versions ofYOKOGAWA software and hardware at the time of publication of the User's Manuals are in-stalled.If additional precise information about the safety of legacy versions of software or hardware isrequired, a link to the corresponding explanation is provided. Please refer to the informationaccording to your system.

n Station TypesA safety control station (hereafter referred to as SCS) is named according to the type of thesafety control unit used in it.

Table Info-1 Names of SCS and Safety Control Unit UsedName of SCS Model of the safety control unit

SCSV1-S SSC10S/SSC10D

SCSP1-S SSC50S/SSC50D

SCSP2-S SSC60S/SSC60D

SCSU1-S SSC57S/SSC57D

In the User's Manuals, the following abbreviations may be used to describe functions of theseSCS as a whole.

v


• SCSV1: Abbreviation of SCSV1-S

• SCSP1: Abbreviation of SCSP1-S

• SCSP2: Abbreviation of SCSP2-S

• SCSU1: Abbreviation of SCSU1-S

vi


Copyright and Trademark Noticesn All Rights Reserved

The copyright of the programs and online manuals contained in the software medium of theSoftware Product shall remain with YOKOGAWA.You are allowed to print the required pages of the online manuals for the purposes of using oroperating the Product; however, reprinting or reproducing the entire document is strictly pro-hibited by the Copyright Law.Except as stated above, no part of the online manuals may be reproduced, transferred, sold,or distributed to a third party in any manner (either in electronic or written form including, with-out limitation, in the forms of paper documents, electronic media, and transmission via thenetwork). Nor it may be registered or recorded in the media such as films without permission.

n Trademark Acknowledgments• CENTUM, ProSafe, Vnet/IP, and STARDOM are registered trademarks of YOKOGAWA.

• Microsoft, Windows, Windows Vista, Windows Server, Visual Basic, Visual C++, and Vis-ual Studio are either registered trademarks or trademarks of Microsoft Corporation in theUnited States and other countries.

• Adobe, Acrobat, and Adobe Reader are registered trademarks of Adobe Systems Incor-porated.

• Ethernet is a registered trademark of Xerox Corporation.

• HART is a registered trademark of the HART Communication Foundation.

• Modicon and Modbus are registered trademarks of Schneider Electric SA.

• All other company and product names mentioned in the User's Manuals are trademarksor registered trademarks of their respective companies.

• TM or ® mark are not used to indicate trademarks or registered trademarks in the User'sManuals.

• Logos and logo marks are not used in the User's Manuals.

vii


ProSafe-RS Security Guide

IM 32Q01C70-31E 4th Edition

CONTENTS1. Overview................................................................................................1-1

1.1 Security Threats to be Handled...................................................................1-21.2 Security Measures........................................................................................1-3

2. Security Models.................................................................................... 2-12.1 Overview of Security Models.......................................................................2-22.2 User/Group Management.............................................................................2-4

2.2.1 User Management Methods........................................................... 2-5

2.2.2 User Authentication Modes............................................................ 2-6

2.2.3 Users/Groups Respect to the Combination of User Managementand Security Model.........................................................................2-7

3. Details of Security Measures...............................................................3-13.1 Access Control............................................................................................. 3-2

3.1.1 Access Permissions to Files and Folders.......................................3-3

3.1.2 Package Configuration and Users/Groups.....................................3-6

3.1.3 Registry Configuration and User/Group......................................... 3-7

3.1.4 DCOM (OPC) and User/Group.......................................................3-8

3.1.5 Local Security and User/Group...................................................... 3-9

3.2 Personal Firewall Tuning........................................................................... 3-103.3 Stopping Unused Window Services......................................................... 3-123.4 Changing IT Environment Settings...........................................................3-13

3.4.1 Disabling the Built-in Administrator Account or Changing its UserName............................................................................................3-14

3.4.2 Hiding the Last Logon User Name............................................... 3-15

3.4.3 Applying the Software Restriction Policies................................... 3-16

3.4.4 Applying AutoRun Restrictions.....................................................3-18

3.4.5 Applying the StorageDevicePolicies Function..............................3-19

3.4.6 Disabling USB Storage Devices...................................................3-20

3.4.7 Disabling NetBIOS over TCP/IP...................................................3-21

3.4.8 Changing the LAN Manager Authentication Level....................... 3-22

3.4.9 Applying the Password Policies................................................... 3-23

3.4.10 Applying the Audit Policy..............................................................3-24

3.4.11 Applying the Account Lockout Policy........................................... 3-25

3.4.12 HDD Password Function by BIOS................................................3-26

Toc-1


4. Selection of Security Functions..........................................................4-14.1 Items to be Considered before Setting Security Functions..................... 4-2

5. Precautions on Operations..................................................................5-15.1 Windows Account Management..................................................................5-2

5.1.1 Common Account Management.....................................................5-3

5.1.2 Individual Account Management.................................................... 5-4

5.1.3 Common Precautions for Common Account Management/IndividualAccount Management.................................................................... 5-5

5.2 Related Programs.........................................................................................5-65.3 Measures for Secure Use.............................................................................5-7

6. Utility Programs for Security Settings................................................6-16.1 IT Security Tool............................................................................................. 6-26.2 Other Utility Programs............................................................................... 6-12

Toc-2


1. OverviewThis manual is a guide for implementing security measures in the system and for its opera-tion.By operating the system with security measures implemented, the ProSafe-RS system is pro-tected from existing and future security threats.The security models described in this manual are based on general configuration of ProSafe-RS. You must consider engineering and operation practices when applying these models tothe actual systems.

n Security-related Terms Used in the ManualThe following table describes the security-related terms.

Table 1-1 Security-related TermsTerm Explanation

IT securitySecurity measures considered based on given IT environment, in orderto protect the system and fight against current and future securitythreats including cyber terrorism.

User authentication modeA scheme that prescribes the method of managing Windows users andProSafe-RS users. Two modes are available: Windows authenticationmode and ProSafe authentication mode.

ProSafe authentication modeOne of user authentication modes. This mode manages ProSafe-RSusers and their access permissions independently of the Windowsmanagement functions.

Windows authentication mode One of user authentication modes. This mode links credentials of Win-dows users and ProSafe-RS users.

Kerberos authentication

The default authentication method of Windows domain and it is used ina domain environment where the server and client PCs are mixed forsingle sign on. Once a user is authenticated; the authentication will bevalid for entire system.

Personal firewall Firewall operating on PC and domain controller, including firewalls oth-er than the Windows standard firewall.

<1. Overview> 1-1


1.1 Security Threats to be HandledThis section describes the security threats that the security functions of ProSafe-RS shoulddeal with.

n Security ThreatsThe security threats that can harm the ProSafe-RS system are as follows:1. Attacks over the network

Threats from individuals without any rights to the ProSafe-RS system via networks suchas intranets, as well as the resultant threats of leakage of important data of the ProSafe-RS system.

2. Direct attacks through operation of SENGThreats where individuals without any rights to the ProSafe-RS system directly operatean SENG to affect the system and steal important data.

3. Theft of SENG or data.Threats where an SENG or data is stolen and important data is analyzed.

SCS SCS

Control bus

Domain controller/file serverSENG

Firewall

Ethernet

Intranet

2. Direct attacks through operation of SENG

3. Theft of SENGor data

1. Attacks over network

Figure 1.1-1 Security Threats

<1.1 Security Threats to be Handled> 1-2


1.2 Security MeasuresThis section describes the security measures against security threats. Identify security meas-ure items required for the ProSafe-RS system and, from among them, select the required se-curity measures according to the level of security strength.

n Security Measures and Handled Security ThreatsIn order to fight against security threats, we arranged security measures applied in securityguides for each OS issued by Microsoft and general business network environment and iden-tified a set of security measures for the ProSafe-RS system. The security measures are clas-sified into four security types. The following table describes the security measures and thethreats that each measure handles.

Table 1.2-1 Security Measures and Handled Threats

Security measure SubcategoryThreat handled (*1)

[1] [2] [3]Access control - Yes Yes No

Personal firewall tuning - Yes No No

Stopping unused Win-dows services - Yes No No

Changing IT environmentsettings

Disabling the built-in Administratoraccount or changing its user name

Yes Yes No

Hiding the last logon user name Yes Yes No

Applying the software restriction poli-cies

Yes Yes No

Applying AutoRun restrictions No Yes No

Applying the StorageDevicePoliciesfunction

No Yes Yes

Disabling USB storage devices No Yes Yes

Disabling NetBIOS over TCP/IP Yes No No

Changing the LAN Manager authenti-cation level

Yes No No

Applying the password policy Yes Yes No

Applying the audit policy Yes Yes No

Applying the account lockout policy Yes Yes No

HDD password function by BIOS No No Yes

*1: [1]: Attacks over the network[2]: Direct attacks through operation of SENG[3]: Theft of SENG or data

<1.2 Security Measures> 1-3


2. Security ModelsProSafe-RS provides three types of security models, Legacy model, Standard model, andStrengthened model, according to the required security strength, in order to flexibly accom-modate system configuration and operation. Required security measure items are incorpora-ted in the security models.

IMPORTANTPlease consult YOKOGAWA if IT security of the Strengthened model is required.

<2. Security Models> 2-1


2.1 Overview of Security ModelsThis section describes the features of security models and the relationship between securitymodels and their corresponding security measures.

n Security ModelsThe features of the three security models, Legacy model, Standard model, and Strengthenedmodel, are as follows:• Legacy model

This model does not strengthen security. Use this model when you connect the systemwith Yokogawa products that do not support security measures.

• Standard modelThis model places importance on operation of ProSafe-RS systems and collaborationwith other systems (Exaopc, CENTUM VP, and so on) and guards against "attacks overthe network" and "direct attacks through operation of SENG." The Standard model doesnot guard against "theft of SENG or data" because this threat is considered not likely tohappen to ProSafe-RS systems.

• Strengthened modelThis model takes all measures against any security treats. If all security measures aretaken, operation and so on may be affected. Take measures according to the characteris-tics of each system for non-mandatory items.

n Security Models and Security MeasuresThe following table shows the security measures supported in each security model.The table also shows the security measures with subcategories for which access permissionsdefined in group policies take priority in an environment where group policies are used.

Table 2.1-1 Security Measures Corresponding to Security Models

Security measure Subcategory

Security measure suppor-ted

Grouppoli-ciestake

priorityLegacyModels

Stand-ard

Models

StrengthenedModels

Access control - - Yes Yes -

Personal firewall tuning - - Yes Yes Yes

Stopping unused Windows serv-ices - - - Yes Yes

Continues on the next page

<2.1 Overview of Security Models> 2-2


Table 2.1-1 Security Measures Corresponding to Security Models (Table continued)

Security measure Subcategory

Security measure suppor-ted

Grouppoli-ciestake

priorityLegacyModels

Stand-ard

Models

StrengthenedModels

Changing IT environment set-tings

Disabling the built-in Administratoraccount or changing its username

- - Yes Yes

Hiding the last logon user name Yes Yes Yes Yes

Applying the software restrictionpolicies

- Yes Yes Yes

Applying AutoRun restrictions Yes Yes Yes Yes

Applying the StorageDevicePoli-cies function

- Yes Yes Yes

Disabling USB storage devices - Yes Yes Yes

Disabling NetBIOS over TCP/IP - Yes Yes -

Changing the LAN Manager au-thentication level

- Yes Yes Yes

Applying the password policy - - Yes Yes

Applying the audit policy - - Yes Yes

Applying the account lockout poli-cy

- - Yes Yes

HDD password function by BIOS - - Yes -

SEEALSO For more information about security measures, refer to:

3., “Details of Security Measures” on page 3-1

For more information about the tool used to set the Legacy model and Standard model, refer to:

6.1, “IT Security Tool” on page 6-2

<2.1 Overview of Security Models> 2-3


2.2 User/Group ManagementThis section describes the relationship between Windows user management types and theProSafe-RS system. Access control is set for each user group explained in this section.

<2.2 User/Group Management> 2-4


2.2.1 User Management MethodsWindows provides two methods of managing users: standalone management and domainmanagement.ProSafe-RS also supports a user management method called combination management thatcombines standalone management and domain management.

Table 2.2.1-1 User Management MethodsUser management

typeRequired configu-

ration Operation Feature

Standalone man-agement

Configuration of thesystem built up withProSafe-RS only.

Operated by regis-tering user accountsused in each of allSENGs.

• Simple configuration not requiring do-main controller.

• Since account management is requiredfor each PC, all PCs must be main-tained at user account maintenance,making this method not suited forlarge-scale systems.

• It is not possible to separate adminis-trative rights to the PC and mainte-nance rights to ProSafe-RS.

Domain manage-ment

Construction of do-main controller isrequired in additionto the system builtup with ProSafe-RS.

Operated by regis-tering user accountsused to the domaincontroller.

• Centralized management of users ispossible, allowing less human errors.

• It is possible to separate administrativerights to the PC and maintenancerights to ProSafe-RS.

Combination man-agement

Construction of do-main controller isrequired in additionto the system builtup with ProSafe-RS.

Operated the sameway as for the do-main managementin normal operation.

• Even if a domain controller is not avail-able, continuous operation is possibleby managing accounts of each PC.

• It is not possible to separate adminis-trative rights to the PC and mainte-nance rights to ProSafe-RS.

TIP With combination management, users are normally managed by domain management. When required, userscan be managed by standalone management. An example case is as follows:In normal operation, user creation is centralized at an administrative section using the domain management.However, it is desired that assignment of rights to users is enabled on certain PCs on the authority of theperson in charge at a site.



2.2.2 User Authentication ModesWhen the Access Control and Operation History Management package is used, two user au-thentication modes, Windows authentication and ProSafe authentication, are available in aProSafe-RS system. These modes are called user authentication modes.• Windows authentication mode

Users are authenticated using Windows functions.

• ProSafe authentication modeUsers are authenticated using specific functions of ProSafe-RS.

When Windows authentication mode is set, user authentication is performed when a user logon to Windows. And when the user tries to use the SENG functions such as SCS Managerand builders, the user can go on to use them after a user authentication operation with theWindows logon user name.

SEEALSO For more information about user authentication mode setting, refer to:

“■ Specifying the User Authentication Mode” in 16.2.1, “Settings for Access Control” in Engineering Ref-erence (IM 32Q04B10-31E)



2.2.3 Users/Groups Respect to the Combination of UserManagement and Security Model

Four security configuration types are available, depending on the combination of the Windowsuser management type and the security model.• Type 1: Legacy Model

• Type 2: Standard Model / Strengthened Model - Standalone Management

• Type 3: Standard Model / Strengthened Model - Domain Management

• Type 4: Standard Model / Strengthened Model - Combination Management

TIP No matter what security model is applied, the ProSafe-RS installer creates a PSF_MAINTENANCE groupand add the user who installed the ProSafe-RS software as a member of this group. However, if the Legacymodel is applied, do not use the PSF_MAINTENANCE group. If Domain management or Combination man-agement is applied for user management, use the PSF_MAINTENANCE group of the domain.

n Type 1: Legacy ModelBy running the IT Security Tool, the users shown in the following table are automatically cre-ated.

Table 2.2.3-1 Legacy Model

User name User/group

Created loca-tion Right group Explanation

LIC_PROCESS User Local PC Users

User account for running licensemanagement processes (Win-dows services) that does not haveWindows logon rights.

EXAUSER User Local PC UsersUser account for running the SCSSOE OPC server that does nothave Windows logon rights.

IMPORTANTUse these user accounts only for running ProSafe-RS products.

n Type 2: Standard Model/Strengthened Model - StandaloneManagement

By running the IT Security Tool, the users and user groups shown in the following table areautomatically created.

Table 2.2.3-2 Standard Model/Strengthened Model - Standalone Management

User/group name User/group


PSF_OPERATOR Group Local PC Users (*1)

Group of users for enablingCENTUM VP operators to accessProSafe-RS when the system isintegrated with CENTUM VP.

PSF_ENGINEER Group Local PC Users (*1)

Group of users who perform Pro-Safe-RS system engineering byusing SCS Manager and otherprograms.




Table 2.2.3-2 Standard Model/Strengthened Model - Standalone Management (Table continued)



PSF_OPC Group Local PC Users (*1) Group of users who perform OPCcommunication with ProSafe-RS.

PSF_MAINTENANCE Group Local PC Administrators(*1)

Group of users who perform sys-tem installation and ProSafe-RSmaintenance.

PSF_UTL Group Local PC Users (*1)

Group of users who use tools foranalyzing ProSafe-RS project da-ta.Safe operation of the tools is en-sured because the members ofthis group cannot write to projectfolders.

PSF_PROCESS User Local PC Users

User account for running ProSafe-RS processes (Windows services)that does not have Windows logonrights.


User account for running licensemanagement processes (Win-dows services) that does not haveWindows logon rights.

*1: You need to assign the users who belong to the created group to the group shown in the Right group column.

IMPORTANT• Use these user accounts and groups only for running ProSafe-RS products.

• If you change the security model, existing user groups may be deleted or their namesmay be modified without confirmation.

n Type 3: Standard Model/Strengthened Model - Domain ManagementBy running the IT Security Tool, the users and user groups shown in the following table areautomatically created.

Table 2.2.3-3 Standard Model/Strengthened Model - Domain Management



PSF_OPERATOR Group Domain con-troller

Domain Users(*1)

Group of users for enablingCENTUM VP operators to ac-cess ProSafe-RS when thesystem is integrated withCENTUM VP.

PSF_ENGINEER Group Domain con-troller

Domain Users(*1)

Group of users who performProSafe-RS system engineer-ing by using SCS Managerand other programs.

PSF_OPC Group Domain con-troller

Domain Users(*1)

Group of users who performOPC communication with Pro-Safe-RS.




Table 2.2.3-3 Standard Model/Strengthened Model - Domain Management (Table continued)



PSF_OPC_LCL Group Local PC Users (*1)

Supplementary group of userswith the same rights asPSF_OPC but do not supportDomain management, such asusers embedded in the EXApackage. This group is notused in normal operations.

PSF_MAINTENANCE Group Domain con-troller

Domain Admins(*1)

Group of users who performsystem installation and Pro-Safe-RS maintenance.

PSF_MAINTENANCE_LCL Group Local PC Administrators(*1)

Group of users with the samerights as PSF_MAINTE-NANCE that is used only foremergency situations whenthe domain environment is ab-normal. This group is not usedin normal operations. The userwho installed the ProSafe-RSsoftware becomes a memberof this group.


Group of users who use toolsfor analyzing ProSafe-RS proj-ect data.Safe operation of the tools isensured because the mem-bers of this group cannot writeto project folders.


User account for running Pro-Safe-RS processes (Windowsservices) that does not haveWindows logon rights.


User account for running li-cense management processes(Windows services) that doesnot have Windows logonrights.




n Type 4: Standard Model/Strengthened Model - CombinationManagement

By running the IT Security Tool, the users and user groups shown in the following table areautomatically created.



Table 2.2.3-4 Standard Model/Strengthened Model - Combination Management



PSF_OPERATOR Group Domain con-troller

Domain Users(*1)

Group of users for enablingCENTUM VP operators to ac-cess ProSafe-RS when thesystem is integrated withCENTUM VP.

PSF_OPERATOR_LCL Group Local PC Users (*1)

Group of users for operatorsthat is used in a PC wherestandalone management isperformed.

PSF_ENGINEER Group Domain con-troller

Domain Users(*1)

Group of users who performProSafe-RS system engineer-ing by using SCS Managerand other programs.

PSF_ENGINEER_LCL Group Local PC Users (*1)

Group of users who performProSafe-RS system engineer-ing by using SCS Managerand other programs. Thisgroup is used in a PC wherestandalone management isperformed.

PSF_OPC Group Domain con-troller

Domain Users(*1)

Group of users who performOPC communication with Pro-Safe-RS.

PSF_OPC_LCL Group Local PC Users (*1)

Supplementary group of userswith the same rights asPSF_OPC but do not supportDomain management, such asusers embedded in the EXApackage. This group is notused in normal operations.

PSF_MAINTENANCE Group Domain con-troller

Domain Admins(*1)

Group of users who performsystem installation and Pro-Safe-RS maintenance.

PSF_MAINTENANCE_LCL Group Local PC Administrators(*1)

Group of users with the samerights as PSF_MAINTE-NANCE that is used only foremergency situations whenthe domain environment is ab-normal. This group is not usedin normal operations. The userwho installed the ProSafe-RSsoftware becomes a memberof this group.


Group of users who use toolsfor analyzing ProSafe-RS proj-ect data.Safe operation of the tools isensured because the mem-bers of this group cannot writeto project folders.


User account for running Pro-Safe-RS processes (Windowsservices) that does not haveWindows logon rights.




Table 2.2.3-4 Standard Model/Strengthened Model - Combination Management (Table continued)




User account for running li-cense management processes(Windows services) that doesnot have Windows logonrights.






3. Details of Security MeasuresThis section describes the security measures for each security type in detail.

<3. Details of Security Measures> 3-1


3.1 Access ControlBy minimizing the access rights of ProSafe-RS users, you can prevent unauthorized access,leakage, tampering, and destruction of important data in the ProSafe-RS system. Access per-missions to files, folders, registries, DCOM modules, and local security policy are controlledby using the Windows access control functions.Access control is performed for each user or group. Users have only the rights that are gran-ted to them or to the group they belong to.

<3.1 Access Control> 3-2


3.1.1 Access Permissions to Files and FoldersIn ProSafe-RS, accesses to files and folders are controlled for each file or folder. Access tofiles and folders by users is restricted by controlling the permissions to execute, read, write,and delete in user or group units. In ProSafe-RS, access permissions are granted for eachfolder.

TIP If a file in a folder requires different access permissions, the access permissions for the file can be separatelygranted.

n Target FoldersThe following table describes the main target folders with controlled access.

Table 3.1.1-1 Target FoldersName Target folder Description

ProSafe-RS folder %ProgramFiles%\ProSafe-RS(*1)

The folder storing ProSafe-RS programs, whichis installed under the Program Files folder.

ProgramFiles Platformfolder

%ProgramFiles%\Yokogawa\IA\iPCS\Platform (*1)

The folder in which setting files for IT SecurityTool, license management data, and so on are in-stalled.

ProgramData Platformfolder

%ProgramData%\Yokogawa\IA\iPCS\Platform (*2)

The folder in which data files such as the settingfiles for IT Security Tool and license managementdata files are installed.

Windows folder %windir%\system32 (*3) The folder in which Windows maintenance toolsare installed.(*4)

Windows folder %windir%\SysWOW64 (*3) The folder in which Windows maintenance toolsare installed. (*4) (*5)

Project Data folder The folder for storing ProSafe-RS project files.

The folder to which a shared name, RS-Projects,is assigned.Note:You can assign the shared name only to a user-created folder. Do not assign to a folder createdby the installer or ProSafe-RS system. Excep-tionally, however, you can assign the sharedname to the %SystemDrive%\RS-Projects folder.(*6)

RS-Share folder The folder for storing datashared by ProSafe-RS stations.

The folder to which a shared name, RS-Share, isassigned.Note:You can assign the shared name only to a user-created folder. Do not assign to a folder createdby the installer or ProSafe-RS system.

*1: %ProgramFiles% refers to the following folder. This example is when the system drive is drive C .Example:

C:\Program FilesHowever, the folder for Windows 7 and Windows Server 2008 R2 is as follows:Example:

C:\Program Files (x86)*2: %ProgramData% refers to the following. This example is when the system drive is drive C.

Example:

C:\ProgramData*3: %windir% refers to the following folder. This example is when the system drive is drive C.

Example:

C:\Windows*4: Access permissions are set for certain files in the folder.*5: This folder is only provided in Windows 7 and Windows Server 2008 R2.*6: %SystemDrive% refers to the following drive. This example is when the system drive is drive C.

Example:

C:



n Access Permissions to ProgramsFunctions that each user can use are restricted by setting access permissions to each Pro-Safe-RS function (program) for each user or group.The following table shows the access permissions to run programs registered in the Startmenu that are granted to each user and group . Only the users or users of a group to whichthe access permission is granted can run the program.

Table 3.1.1-2 Access Permissions to Programs that are Started from the Start Menu

Items on Start MenuUser/group (*1)

[1] [2] [3] [4] [5] [6] (*2) [7] [8][YOKOGAWA License ]

License Management Tool Yes Yes Yes Yes Yes No Yes Yes

[YOKOGAWA Security]

IT Security Tool No No No No Yes No No Yes

[YOKOGAWA ProSafe]

Workbench Yes Yes No No Yes(*3) No No Yes

Version Control Tool No Yes No No Yes No No Yes

Test Project Creating Tool No Yes No No Yes No No Yes

Software Configuration Viewer No Yes No No Yes No No Yes

SOE Viewer Yes Yes No No Yes No No Yes

SOE OPC Parameter Setting No Yes No No Yes No No Yes

SCS Status Overview Yes Yes No No Yes No No Yes

Project Attribute Tool No Yes No No Yes No No Yes

Message Cache Tool No Yes No No Yes No No Yes

Operation History Database Viewer Yes Yes No No Yes No No Yes

Operation History Management SetupTool No No No No Yes No No Yes

Project Comparing Tool No Yes No No Yes No No Yes

Domain Properties Setting Tool No Yes No No Yes No No Yes

[YOKOGAWA Prosafe] > [Online Manual]

Document Map Yes Yes No No Yes No Yes Yes

Read Me First Yes Yes No No Yes No Yes Yes

Workbench Yes Yes No No Yes No Yes Yes

[YOKOGAWA ProSafe] > [Maintenance]

Logsave Yes Yes No Yes Yes No Yes Yes

SCS master DB recover No Yes No No Yes No No Yes

*1: User/Group[1]: PSF_OPERATOR/PSF_OPERATOR_LCL[2]: PSF_ENGINEER/PSF_ENGINEER_LCL[3]: LIC_PROCESS[4]: PSF_OPC/PSF_OPC_LCL[5]: PSF_MAINTENANCE/PSF_MAINTENANCE_LCL[6]: PSF_PROCESS[7]: PSF_UTL[8]: Local System Account (System account for programs used by Windows)

*2: The PSF_PROCESS user cannot start programs from the start menu because it is not a logon user.*3: SCS simulator can be started only by the built-in Administrator account.



IMPORTANTThe users of PSF_MAINTENANCE and PSF_MAINTENANCE_LCL belonging to the Adminis-trators group cannot start SCS simulator. However, the built-in Administrator account user isan exception, and can start SCS simulator.



3.1.2 Package Configuration and Users/GroupsYou can control access rights of each user and group for the folders related to the installedpackages to prevent tampering and destruction of the installed modules.

n Access Permissions to Package FoldersThe following table shows the types of access permissions to package folders.

Table 3.1.2-1 Types of Access Permissions to Package Folders

Package-related folder Target folderUser/group (*1)

[1] [2] [3] [4] [5] [6] [7] [8]

ProSafe-RS folder

The folder in which Pro-Safe-RS programs are in-stalled.%Program Files%\ProSafe-RS

RW RW - RW RWD RW R RW

D

Project Data folder

The folder in which projectdata are saved.(Shared name "RSPro-jects" is assigned)

RWD

RWD

RWD

RWD

RWD

RWD R RW

D

RS-Share folder

The folder in which data ofthe Access Control andOperation History Manage-ment Package or datamanaged by Version Con-trol Tool are saved.(Shared name "RS-Share"is assigned)

RWD

RWD

RWD

RWD

RWD

RWD R RW

D

*1: User/group[1]: PSF_OPERATOR/PSF_OPERATOR_LCL[2]: PSF_ENGINEER/PSF_ENGINEER_LCL[3]: LIC_PROCESS[4]: PSF_OPC/PSF_OPC_LCL[5]: PSF_MAINTENANCE/PSF_MAINTENANCE_LCL[6]: PSF_PROCESS[7]: PSF_UTL[8]: Local System Account (System account for executing programs used by Windows)Types of access permissionR: ReadW: WriteD: Delete-: No permission



3.1.3 Registry Configuration and User/GroupYou can control access to the registries used by ProSafe-RS to prevent tampering and de-struction of them.

n Access Permissions to RegistriesThe following table shows the types of permissions to the registry keys corresponding the tar-get registries.With ProSafe-RS software release number R3.01 or later, only a read permission is grantedto Everyone of the user or group that can access the registries.

Table 3.1.3-1 Types of Access Permissions to Registries

Registry key (*1)User/group (*2)

[1] [2] [3] [4] [5] [6] [7] [8] [9]HKEY_LOCAL_MACHINE\SOFTWARE\YOKOGAWA\EXA (*3) F F F F F F F F R

HKEY_LOCAL_MACHINE\SOFTWARE\YOKOGAWA\EXAOPC(*3) F F F F F F F F R

HKEY_LOCAL_MACHINE\SOFTWARE\YOKOGAWA\PKGCOM(*3) F F F F F F F F R

HKEY_LOCAL_MACHINE\SOFTWARE\YOKOGAWA\PROSAFE-RS F F F F F F F F R

HKEY_LOCAL_MACHINE\SOFTWARE\YOKOGAWA\VHFD (*3) F F F F F F F F R

HKEY_LOCAL_MACHINE\SOFTWARE\YOKOGAWA Prosafe F F F F F F F F R

HKEY_LOCAL_MACHINE\SOFTWARE\Altersys F F F F F F F F R

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1229e510-2cd5-11d4-a174-0050da59a2ed} F F F F F F F F F

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12413-1229e511-2cd5-11d4-a174-0050da59a2ed} F F F F F F F F F

HKEY_LOCAL_MACHINE\SOFTWARE\ODBC (*3) F F F F F F F F R

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\VLNIC\Config (*3) F F F F F F F F R

HKEY_USERS\DEFAULT\SOFTWARE\YOKOGAWA (*3) F F F F F F F F R

*1: For Windows 7 and Windows Server 2008, replace HKEY_LOCAL_MACHINE\SOFTWARE with HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node.

*2: User/group[1]: PSF_OPERATOR/PSF_OPERATOR_LCL[2]: PSF_ENGINEER/PSF_ENGINEER_LCL[3]: LIC_PROCESS[4]: PSF_OPC/PSF_OPC_LCL[5]: PSF_MAINTENANCE/PSF_MAINTENANCE_LCL[6]: PSF_PROCESS[7]: PSF_UTL[8]: Local System Account (System account for executing programs used by Windows)[9]: EveryoneTypes of access permissionF: Full access controlR: Read

*3: For these registry keys, permissions are added as shown in the table without changing the existing permissions.



3.1.4 DCOM (OPC) and User/GroupConsidering software packages (including third party packages) that communicate with Pro-Safe-RS by using DCOM, you can set access permissions on DCOM applications that per-form OPC communication to prevent tampering, destruction, and theft of data through OPCcommunication.By running the IT Security Tool, permission settings of local and/or remote access to OPC ap-plications are configured for the following users and groups.User/group[1]: PSF_OPERATOR/PSF_OPERATOR_LCL[2]: PSF_ENGINEER/PSF_ENGINEER_LCL[4]: PSF_OPC/PSF_OPC_LCL[5]: PSF_MAINTENANCE/PSF_MAINTENANCE_LCL[6]: PSF_PROCESS[7]: PSF_UTLWith this configuration, only the users who belong to the user group for OPC communication([4]: PSF_OPC/PSF_OPC_LCL) are allowed to start such DCOM applications or make con-nection through the DCOM applications. In addition, port numbers of the ports used by DCOMis restricted.



3.1.5 Local Security and User/GroupThe following local security policies, in addition to Windows standard securities, are set foreach user and group.

Table 3.1.5-1 Permissions Set as Local Security Policies

PolicyUser/group (*1)

[1] [2] [3] [4] [5] [6] [7]Create global objects Yes Yes Yes Yes Yes Yes Yes

Debug programs Yes Yes Yes Yes Yes Yes Yes

Log on as a batch job Yes Yes Yes Yes Yes Yes Yes

Log on as a service No No Yes No No Yes No

Deny log on locally No No Yes No No Yes No

*1: User/group[1]: PSF_OPERATOR/PSF_OPERATOR_LCL[2]: PSF_ENGINEER/PSF_ENGINEER_LCL[3]: LIC_PROCESS[4]: PSF_OPC/PSF_OPC_LCL[5]: PSF_MAINTENANCE/PSF_MAINTENANCE_LCL[6]: PSF_PROCESS[7]: PSF_UTL



3.2 Personal Firewall TuningYou can minimize connections from networks to the PCs in the system to fight against attacksby unauthorized persons.

n Exception Setting TypeRequired communication ports are set as exception so that the functions of ProSafe-RS canoperate.The exception settings of personal firewall are classified into the following four types.

Table 3.2-1 Exception Setting TypesName Description

ProSafe-RS Related Communication ports used by ProSafe-RS related programs

DCOM Related Communication ports used by programs using DCOM communication (in-cluding OPC communication)

File Sharing Related Communication ports used by Windows file sharing functions

Windows Related Communication ports used by Windows functions (excluding file sharingfunctions)

n ProSafe-RS Related Exceptional SettingsThe following table lists the ProSafe-RS related exceptional settings.

Table 3.2-2 ProSafe-RS Related Exceptional SettingsService name/

execution file namePort No.

(protocol) Package name Remarks

RHHMsCacheSvr.exe UDP:1037 ProSafe-RS Message cache server forProSafe-RS

ETCP.exe TCP: 34405TCP:1131 ProSafe-RS Library for ProSafe-RS

Scs-Simulator - ProSafe-RS -

Yokogawa.IA.iPCS.Plat-form.License.LicenseMan-ager.Service

TCP:34417 License managementfunction -

n DCOM Related Exceptional SettingsThe following table lists the DCOM related exceptional settings.

Table 3.2-3 DCOM Related Exceptional SettingsService name/


(protocol) Assumed package name Remarks

DCOM service TCP:135 Programs using OPC com-munication

Required when using OPCcommunication.

DCOM service TCP:20501 to 20550 Programs using OPC com-munication

Required when using OPCcommunication.

n File Sharing Related Exceptional SettingsThe following table lists the file sharing related exceptional settings.

<3.2 Personal Firewall Tuning> 3-10


Table 3.2-4 File Sharing Related Exceptional SettingsService name/


(protocol) Function name Remarks

Sharing files and printersTCP:139UDP:137UDP:138

NetBIOS -

Sharing files and printers TCP:445 Direct Hosting

If NetBIOS is disabled, separatemeans of name resolution, suchas HOSTS file and registration toDNS, is required.

n Windows Related Exceptional SettingsThe following table lists the Windows related exceptional settings.

Table 3.2-5 Windows Related Exceptional SettingsService name/


(protocol)Server/station

Enabling ICMP (*1) ICMPDomain controllerFile serverProSafe-RS station

Kerberos Authentication TCP:88UDP:88 Domain controller

LDAP(Active Directory) TCP:389UDP:389 Domain controller

DNS TCP:53UDP:53 Domain controller

*1: This item may be ICMPv4 or ICMPv6, depending on the OS.

n CautionIn a domain environment, this setting may be overwritten with the setting in the domain con-troller, depending on the group policies of the domain controller. If this is your case, changethe setting in the domain controller.

<3.2 Personal Firewall Tuning> 3-11


3.3 Stopping Unused Window ServicesYou can reinforce security by stopping unused Windows services to prevent attacks by unau-thorized persons. If vulnerabilities of Windows services are abused, user information in theProSafe-RS system may be stolen or important data in the ProSafe-RS system may beleaked, tampered, or destroyed. In the worst case, attackers may steal the domain adminis-trator rights.

n Unused Windows ServicesThe following table lists the Windows services that you can stop.

Table 3.3-1 Windows Services That can be Stopped

Service ReasonWindows OS (*1)

7 Vista 2008 R2 2008

Computer Browser

This feature is used for managingthe list of computers on the net-work, and is not required in theProSafe-RS system.

Yes (*2) Yes(*3) Yes (*2) Yes (*2)

DHCP ClientNot required because DHCP serv-ices are not used in the ProSafe-RS system.

Yes (*3) Yes (*3) Yes (*3) Yes (*3)

Windows Error Re-porting Service

Not required in the ProSafe-RSsystem. Yes (*2) Yes (*3) Yes (*2) Yes (*3)

IP Helper Not required because IPv6 is notused in the ProSafe-RS system. Yes (*3) Yes (*3) Yes (*3) Yes (*3)

IPsec Policy AgentNot required because IPsec-en-crypted communication is not usedin the ProSafe-RS system.

Yes (*2) Yes (*3) Yes (*2) Yes (*3)

Offline FilesNot required because offline serv-ices are not used in the ProSafe-RS system.

Yes (*3) Yes (*3) - Yes (*2)

Remote RegistryNot required because the func-tions are not used and there areproblems in terms of security.

Yes (*2) Yes (*2) Yes (*3) Yes (*3)

Secondary Logon Not required because the func-tions are not used. Yes (*2) Yes (*3) Yes (*2) Yes (*3)

Shell Hardware Detec-tion

Not required because the func-tions are not used. Yes (*3) Yes (*3) Yes (*3) Yes (*3)

Themes Not required because the func-tions are not used. Yes (*3) Yes (*3) - Yes (*2)

WebClient Not required because the func-tions are not used. Yes (*2) Yes (*3) - -

*1: Windows OS7: Windows 7Vista: Windows Vista2008 R2 : Windows Server 2008 R22008: Windows Server 2008Yes: Services that can be stopped- : Services that do not exist in the OS

*2: When you run the IT Security Tool, the manual start-up of the Windows service does not change.*3: When you run the IT Security Tool, the automatic start-up is disabled for the Windows service.

n CautionIn a domain environment, this setting may be overwritten with the setting in the domain con-troller, depending on the group policies of the domain controller. If this is your case, changethe setting in the domain controller.

<3.3 Stopping Unused Window Services> 3-12


3.4 Changing IT Environment SettingsThis section explains the Windows security functions that can be implemented in the ProSafe-RS system. There are cases where it is not possible to implement certain security functionsdepending on the conditions of each system. For this reason, examine whether or not imple-mentation is possible for each function before the implementation.

<3.4 Changing IT Environment Settings> 3-13


3.4.1 Disabling the Built-in Administrator Account orChanging its User Name

We recommend that you disable the built-in Administrator account or change its user namebecause the built-in accounts that are created during the installation of windows are easy tar-gets of password cracking.For Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008, werecommend disabling of the built-in Administrator account.

n Cautions (when Disabling the Built-in Administrator Account)You must consider the following points when you disable the built-in Administrator account:• Disable the built-in Administrator account after creating a user with administrative rights.

• Be careful not to include root, su, admin, and other words meaning administrator in thename of user with administrator rights.

• Securely control users with administrator rights because they are required for operations.

• In a domain environment, this setting may be overwritten with the setting in the domaincontroller, depending on the group policies of the domain controller. If this is your case,change the setting in the domain controller.

n Cautions (when Changing the User Name of the Built-inAdministrator Account)

You must consider the following points when you change the name of the built-in Administra-tor account:• Create a user with administrator rights for normal maintenance.

• Be careful not to include root, su, admin, and other words meaning administrator in thechanged user name and in the name of the user with administrator rights you create.

• Securely control users with administrator rights




3.4.2 Hiding the Last Logon User NameYou can hide the last logon user name on the logon dialog box to prevent leakage of validuser names in the system.

n CautionKeep the following points in mind when hiding the last logon user name.• You must enter a user name on every logon attempt if you apply this security measure.




3.4.3 Applying the Software Restriction PoliciesThe software restriction policies function restricts execution of programs in the following ways:• Restriction on path

• Restriction on hash

• Restriction on certificate

• Restriction on the Internet zone

In the ProSafe-RS system, Restriction on path is applied so that only the specified programscan run. This prevents illegal execution of programs even if harmful programs are copied in atemporary folder or other locations in the PC.The IT Security Tool supports Restriction on path. If this restriction is applied, other coexistingpackages may not run.

n SettingsTo allow only the specified programs to run, folder paths are added and rules are deleted asfollows:

Folder paths to be added• %ALLUSERSPROFILE%\Microsoft\Windows\Templates (*1)

• %ALLUSERSPROFILE%\Templates (*1)

• %ProgramFiles% (*2)

• %ProgramFiles(x86)% (*3)(for Windows 7 and Windows Server 2008 R2)

• %ProgramW6432% (*4)(for Windows 7 and Windows Server 2008 R2)

• %ProgramFiles%\Yokogawa\IA\iPCS\Platform\Security\PROGRAM (*2)

• %ProgramFiles(x86)%\Yokogawa\IA\iPCS\Platform\Security\PROGRAM(*3) (for Win-dows 7 and Windows Server 2008 R2)

• %SystemRoot% (*5)

• ProSafe-RS installation folder

Rules to be deleted"Ink" and "mdb" are deleted from [Designated File Types Properties].

*1: %ALLUSERSPROFILE% refers to the following folder. This example is when the system drive is drive C .Example:

C:\ProgramData*2: %ProgramFiles% refers to the following folder. This example is when the system drive is drive C .

Example:

C:\Program Files*3: %ProgramFiles(x86)% refers to the following folder. This example is when the system drive is drive C .

Example:

C:\Program Files(x86)*4: %ProgramW6432% refers to the following folder. This example is when the system drive is drive C .

Example:

C:\Program Files*5: %SystemRoot% refers to the following drive. This example is when the system drive is drive C .

Example:

C:\Windows

n CautionsKeep the following points in mind when applying the software restriction policies.



• On PCs running Windows 7 or Windows Server 2008 R2, you can configure this functionby the IT Security Tool.

IMPORTANTWhen software restriction policies are applied, observe the following points: To start the instal-ler from the ProSafe-RS software medium, right-click the icon of the installer and choose [Runas Administrator]. To run a non-ProSafe-RS program, you also need to run it by choosing[Run as Administrator].




3.4.4 Applying AutoRun RestrictionsThis restriction prevents automatic execution of programs when a CD-ROM or other mediumis inserted to the drive or a USB port. This is an effective measure against virus (USB worm)infecting computers via USB memory.

n Setting ValuesThe AutoRun function is disabled for all drives.

n CautionsKeep the following points in mind when applying AutoRun restrictions.• The installation menu does not start when the ProSafe-RS software medium is inserted.




3.4.5 Applying the StorageDevicePolicies FunctionBy using the StorageDevicePolicies function of Windows, you can set removable storage me-dia connected on USB ports as read-only devices. You can use this function to prevent theftof data by unauthorized users. You can use the StorageDeviceCTL utility of ProSafe-RS totemporarily grant write permissions to users.

SEEALSO For more information about StorageDeviceCTL, refer to:

6.2, “Other Utility Programs” on page 6-12

n CautionsKeep the following points in mind when applying the StorageDevicePolicies function.• If this function is applied on Windows Server 2008 R2, you cannot use StorageDevi-

ceCTL to temporarily grant write permissions. To cancel the read-only state, you need toclear the [Applying the StorageDevicePolicies function] check box of the IT Security Tool'sdetailed settings and run the tool again. Note that, to disable taking out of data using re-movable storage media without using this function, you need to take security measuressuch as putting a cover on USB ports.




3.4.6 Disabling USB Storage DevicesThis function disables the use of USB storage devices such as USB memories. You can usethis function to prevent theft of data by unauthorized users.You can use the StorageDeviceCTL utility of ProSafe-RS to temporarily grant write permis-sions to users.

SEEALSO For more information about StorageDeviceCTL, refer to:


n CautionsKeep the following points in mind when disabling USB storage devices.• If this function is applied to Windows Server 2008 R2, you cannot use StorageDeviceCTL

to temporarily grant write permissions. To cancel the disabling, you need to clear the [Dis-abling USB storage devices] check box of the IT Security Tool's detailed settings and runthe tool again. To disable taking out of data using removable storage media without usingthis function, you need to take security measures such as putting a cover on USB ports.




3.4.7 Disabling NetBIOS over TCP/IPIt is recommended to disable NetBIOS because attackers may be able to acquire a list ofservices running on the target computer and a list of users by using NetBIOS.

n CautionsKeep the following points in mind when disabling NetBIOS over TCP/IP.• The computer name and station name must be the same.

• By making this setting, it becomes not possible to make file sharing connection from Win-dows 95, Windows 98, Windows ME, and Windows NT.

• The computer name must be resolved by the DNS or HOSTS file.



3.4.8 Changing the LAN Manager Authentication LevelWindows has LM authentication, NTLM authentication and NTLMv2 authentication methodsfor backward compatibility.For the environment of the ProSafe-RS system, use of NTLMv2 authentication is recommen-ded. LM authentication is not recommended since its method of hashing user's password (LMhash algorithm) is very vulnerable.

n SettingsIf this security measure is applied, the following settings are configured.• For [Network security: LAN Manager authentication level], “Send NTLMv2 response only”

is set.

• For [Network security: Do not store LAN Manager hash value on next password change],“Enabled” is set.

• For [Network security: Minimum session security for NTLM SSP based (including secureRPC) clients], the [Requires NTLMv2 session security] and [Requires 128-bit encryption]check boxes are selected.

• For [Network security: Minimum session security for NTLM SSP based (including secureRPC) servers], the [Requires NTLMv2 session security] and [Requires 128-bit encryption]check boxes are selected.

n CautionsKeep the following points in mind when changing the LAN Manager authentication level.• It becomes impossible to connect from Windows 95, Windows 98, Windows ME, Win-

dows NT, and Windows 2000 when the above settings are completed.

• Ensure that the settings of [Network security: Minimum session security for NTLM SSPbased (including secure RPC) clients] and [Network security: Minimum session securityfor NTLM SSP based (including secure RPC) servers] are consistent on all PCs.




3.4.9 Applying the Password PoliciesThe strength of security for user authentication changes significantly depending on the setpassword. It is recommended to secure minimum password strength by applying the pass-word policies.

n SettingsThe following table shows the settings.

Table 3.4.9-1 SettingsPolicy Settings

Minimum password length 12 characters or more

Change prohibition period of password One day

Validity period of password 90 days

Storage of password history 24 passwords stored(25 password types or more are required)

Password must meet complexity requirements Enabled

Store password using reversible encryption for allusers in the domain Disabled

n CautionsKeep the following points in mind when applying the password policies.• If the password policies are made stricter, not only the load of password management on

users but also the load of operation administrators to manage user's passwords increa-ses.




3.4.10 Applying the Audit PolicyCollected account logon conditions and events related to security serve as data useful in de-tecting abnormal system conditions in early stages and to trace causes of troubles whenproblems related to security occur. It is recommended to set appropriate audit policies. Withthe Windows default setting, audit data is not collected.



Audit account logon events Success, failure

Audit account management Success, failure

Audit object access Failure

Audit system events Success, failure

Audit directory service access Success, failure

Audit process tracking Success

Audit policy change Success, failure

Audit logon events Success, failure

Audit privilege use Success, failure

n CautionsKeep the following points in mind when applying the audit policies.• If the number of event types collected is increased, the system performance is affected.

• The number of generated events varies depending on the types of collected events andsystem operations. Determine the event collection size appropriate for the system opera-tion conditions.




3.4.11 Applying the Account Lockout PolicyThis function is effective to protect the ProSafe-RS system from attacks such as online crack-ing.



Account lockout threshold 10 invalid logon attempts

Reset account lockout counter after 15 minutes

Account lockout duration 15 minutes

n CautionsKeep the following points in mind when applying the account lockout policies.• If this policy is applied, you may not be able to logon in an emergency situation if lockout

occurs as a result of hasty operation.




3.4.12 HDD Password Function by BIOSThis function is provided in most of PCs and protects HDD using the ATA command that con-trols HDD. In normal BIOS password setting, it is possible to refer to data in HDD by removingthe hard disk from a PC and connecting it to another PC. A HDD password locks the HDDitself, and it prohibits reading data even if HDD is removed and connected to another comput-er. Even if a PC is stolen, there is no fear that important data of the ProSafe-RS system leaksfrom the stolen PC. It will be impossible to recover the HDD password once forgotten and it isrequired to enter the HDD password when starting a PC. For this reason, please examinewith greatest care before implementing this function.Please contact the PC manufacturer whether or not this function is provided and how to setthe function.



4. Selection of Security FunctionsIn order to set security functions, it is necessary to take various items into consideration. Thischapter explains the items to be considered and model cases that serve as reference whensetting security functions.

<4. Selection of Security Functions> 4-1


4.1 Items to be Considered before SettingSecurity Functions

This section explains items to be considered when setting security functions.

n Considerations on Determining Security FunctionsThe following items need to be considered according to the actual implementations.These items should be determined before installing the ProSafe-RS software.• Security Model

• Windows user management type

• User authentication mode

l Selecting Security ModelA security model needs to be selected from the following three types.

Table 4.1-1 Selecting Security ModelSecurity Model Selection Criterion

Legacy Model

Select this model when collaborating with systems that include Yokogawasystem products that do not support IT security and when sharing Windowsusers among multiple operators.This model can be selected upon your understanding that it is vulnerableagainst information leak and attacks by worms and viruses.

Standard Model (Recommen-ded)

It is recommended to select this model unless you have a specific reasonnot to.This model provides minimum security settings necessary for the ProSafe-RS system, considering secure operation of the system as well as collabora-tion with other systems.

Strengthened ModelSelect this model when security level higher than the Standard model is re-quired.Consult Yokogawa agent when implementing this model.

l Windows User ManagementSelect Windows user management method according to the system size and configurationfrom the following three types.

Table 4.1-2 Selecting User Management TypeUser Management Selection Criterion

Standalone Management This type is suitable for relatively small-scale systems because the user ac-counts and passwords of all PCs of a system need to be kept consistent.

Domain ManagementThis type is suitable for systems that implement a centralized user manage-ment. When this type is selected, it is recommended to set a new, dedicateddomain controller when constructing the system.

Combination Management This type is suitable for the system where user management is centralizedbut some users are allowed to be independently managed in local PCs.

l User Authentication ModeWhen the Access Control and Operation History Management Package is used, you can se-lect either of the following user authentication modes according to the operation conditionsand security policies of the system.

<4.1 Items to be Considered before Setting Security Functions> 4-2


Table 4.1-3 Selecting User Authentication ModeUser Authentication

ModeSelection Criterion

ProSafe AuthenticationMode

Select this mode when Windows users and ProSafe-RS users are authenticatedseparately.

Windows AuthenticationMode

Select this mode when Windows users and the users who perform system engi-neering or maintenance works are authenticated together.This mode is suitable for systems requiring a higher security level.

When Windows authentication mode is selected, only one authentication is performed beforeoperating the SENG.

n Precautions when Setting Security FunctionsThe following table lists precautions to be observed when setting security measures.

Table 4.1-4 Precautions when Setting Security FunctionsSecurity function Item to be considered

Software Restriction Policies

If the software restriction policies are set, programs added for the purposeof collaboration and coexistence may not run. You need to add policies ofthe programs to the software restriction policies.Follow these steps to add policies.1. Logon the PC as an administrative user.2. From the Start menu, select [Control Panel] > [Administrative Tools] >

[Local Security Policy].3. At Local Security Policy, select [Software Restriction Policies] > [Addi-

tional Rules].4. Add the policy of a newly added program.

PSF_PROCESS Password Do not change the password of PSF_PROCESS.

Setting IT security for a fileserver/domain controller

It is necessary to install .NET Framework 3.5 SP1 if the IT security tool isused on file servers and/or domain controller. (*1)You need to create foldersfor storing project data or other database before using the IT security tool.

StorageDevicePolicies func-tion/Disabling USB storage devi-ces

If you apply the StorageDevicePolicies function or disable USB storage de-vices, you cannot back up data into storage devices such as USB memo-ries. When you take a backup of the operation history database or other da-ta into a storage device, use the StorageDeviceCTL command.

Disabling NetBIOS overTCP/IP

If you disable NetBIOS over TCP/IP, you cannot resolve names by broad-casting. Because of this, the following problems arise in environments withstandalone management.• When you try to open a file in a file server from SCS Manager, you can-

not see the file server.• If the cache file is stored in another PC, you cannot see the cache file.To solve these problems, use the HOSTS file or LMHOSTS file.

*1: .NET Framework 3.5 SP1 is included in the ProSafe-RS software medium.

<4.1 Items to be Considered before Setting Security Functions> 4-3


5. Precautions on OperationsThis section explains precautions related to security when operating ProSafe-RS.

<5. Precautions on Operations> 5-1


5.1 Windows Account ManagementTwo types of Windows account management are assumed, common account managementand individual account management, considering sharing of the user accounts often used inthe systems that were built before the security functions are introduced.

n Common Account Management and Individual AccountManagement

The following table shows the differences between the common account management and in-dividual account management.

Table 5.1-1 Common Account Management and Individual Account ManagementAccount manage-

ment method Operation form Convenience of operation Security strength

Common accountmanagement

A Windows account isshared by multipleusers.

High

The same operabilityas the systems thatwere built before thesecurity functions areintroduced.

LowHighly anonymousand disadvanta-geous.

Individual accountmanagement

A Windows account isassigned to a singleuser.

Low

Windows logoff andlogon are required atpersonnel shift, andthus cumbersomecompared to the sys-tems that were builtbefore the securityfunctions are intro-duced.

High

Advantageous be-cause access con-trol of each user ispossible.

<5.1 Windows Account Management> 5-2


5.1.1 Common Account ManagementThe common account management is highly convenient to operate because it is similar to theconventional account management of the systems that were built before the security functionsare introduced. However, from the security point of view, anonymity is high and securitystrength level is low. When applying the common account management, take personnel edu-cation and security of operation environment fully into consideration.

n Use of AccountsIf the common accounts are used, it is recommended to group accounts by rights of usersand use common accounts within a group. By grouping by rights of users, it becomes possi-ble to prohibit operations on the ProSafe-RS system by users without rights and to narrowdown user groups when tracing the trouble occurrence. It is considered that more usabletrace data is obtained compared to the case when common accounts are used among allusers.

n Password ManagementConsidering security, it is recommended to change passwords periodically. It is possible tohandle password cracking attacks by periodically changing passwords. If common accountsare used, it is recommended to change passwords at the timing when members using thecommon accounts are changed. By changing passwords, illegal access from previously au-thorized people is prevented.

n Automatic Logon FunctionDo not use the automatic logon function of Windows unless CENTUM VP coexists on the PC.Otherwise, persons without rights to the ProSafe-RS system may inadvertently use engineer-ing functions, and so on.



5.1.2 Individual Account ManagementWith the individual account management, it is possible to minimize rights on accounts byspecifying PC users. Moreover, it is possible to trace trouble occurrence more efficiently be-cause users can be identified. However, operations with the individual account managementare different from those with the common account management on several points, such asWindows logoff/logon becomes necessary at personnel shift. Careful consideration is requiredwhen implementing the individual account management.

n Account MaintenanceIf user rights are changed, it is recommended to promptly change account rights.By performing account maintenance immediately, it becomes possible to handle illegal accessby users who used to have rights before and/or unexpected attacks from attackers.For example, if a user left the job, delete the account of the user; if the scope of charge of amaintenance personnel is changed, change the group to which the personnel belongs.

n Password ManagementConsidering security, it is recommended to change passwords periodically. Password crack-ing can be prevented by periodically changing the user passwords.



5.1.3 Common Precautions for Common AccountManagement/Individual Account Management

This section lists precautions common to the common account management and individualaccount management.

n System AuditIt is recommended to perform system audit periodically. By doing so, it is possible to detectsystem abnormalities in early stages, which leads to early discovery of signs of troubles andaccidents. If any abnormalities are found, consult network administrators or experts to takeappropriate measures.

n Account Management by Standalone ManagementWhen managing accounts by standalone management, it is not only necessary to create thesame user account on all PCs used by users and SENG PCs on which project databases ex-ist, but also unify passwords of registered accounts. Note that, when changing a password, itis also necessary to change the password to the same new password on all the PCs in whichthe same account is registered.

n Account Management by Domain ManagementIf the time on the domain controller and the time on PCs in the ProSafe-RS system signifi-cantly differ (5 minutes or longer by default), the authentication function does not work proper-ly in the domain environment. Pay attention to the time deviation between the domain control-ler and each PC.

n PSF_MAINTENANCE GroupPSF_MAINTENANCE, which is a group for maintenance, has very powerful rights, includingadministrator rights. It is desired to treat accounts belonging to PSF_MAINTENANCE as inva-lid accounts under normal operation and enable the accounts when they are in need. More-over, setting valid periods for accounts at the timing to enable the accounts is also an effectivesecurity measure.

n Users who can Use OPCUsers who can use OPC can use the DCOM function on remote sites, so it is desired to mini-mize the number of registered users who can use OPC to reduce their influences on the sys-tem. Moreover, if target users use only programs, deleting the logon right is also an effectivemeasure.

n Regarding User Creation for Groups Having Windows AdministratorRights

When creating a user belonging to PSF_MAINTENANCE or PSF_MAINTENANCE_LCL, it isnecessary to add the user to either the Administrators group or the Domain Admins group aswell.



5.2 Related ProgramsThis section explains the following related programs.• Windows security patches

• Antivirus software

n Windows Security PatchesIt is assumed that security patches are applied according to the customer's security policy.Yokogawa recommends to apply security patches to ProSafe-RS systems. It is recommendedto apply all required security patches before the system goes into operation and also applysecurity patches that are released after the system went into operation as promptly as possi-ble.Yokogawa offers security patch application services. Contact Yokogawa Service for more in-formation.As is noted as zero-day attack, attacks that take advantage of the software vulnerability canoccur right after the disclosure of the vulnerability (security hole).Note that when security patches and service packs are applied to the ProSafe-RS system, ex-isting security settings (firewall setting and local security setting) may be changed. If securitypatches and service packs are applied, make sure that the existing security settings are valid.

n Antivirus SoftwareIt is recommended to install antivirus software tested by Yokogawa on PCs and domain con-trollers within the ProSafe-RS system before starting operations. For more information aboutapplication of antivirus software, contact Yokogawa Service.If search engines and pattern files of antivirus software are updated, it may have unexpectedrebooting or unexpected influence on other operations of PC. Exercise sufficient cautionswhen updating antivirus software, such as checking the operation beforehand using a testpurpose PC.

<5.2 Related Programs> 5-6


5.3 Measures for Secure UseThis section describes how to use ProSafe-RS securely. It is recommended to take the meas-ures described here for the secure use of ProSafe-RS.

SEEALSO For more information about security measures for the entire system such as considerations about network

configuration, refer to:

Security Standard of System Product (TI 33Y01B30-01E)

n Selecting a Security ModelOn the computers used in a ProSafe-RS system, select the Standard model or Strengthenedmodel for the security model.

n Informing Users of Entry to a Security ZoneWhen a system using ProSafe-RS is installed in a security zone, you can use the followingmeasure so that the user who is trying to log on to the system is informed that he/she is enter-ing a security zone and the subsequent operations will be performed in the security zone.Take this measure if necessary:For the Windows local security policy under Control Panel, select [Local Policy] > [SecurityOptions] and configure the following policies:• [Interactive logon: Message title for users attempting to log on]

• [Interactive logon: Message text for users attempting to log on]

TIP A security zone is a physical or logical area where only permitted users can access. Equipment and facilitiesin a security zone require special management and are insulated from other areas.

n Measures against Physical AttacksTo protect devices making up a ProSafe-RS system, such as SCS, network switches, andcomputers, from physical attacks by malicious third parties, take measures such as placingthe devices in a lockable rack and strictly controlling the entry to and exit from the area wherethey are placed.

n Measures against Connection of Unauthorized DevicesTake measures so as to prevent connection of unauthorized devices brought from the outsideto the ProSafe-RS system. Examples of the measure are:• Disable the free ports of network switches

• Limit the devices allowed to connect to the ports of network switches:for example, by assigning the MAC addresses of connectable devices to the ports.

n Measures against Information Leakage in CommunicationTo prevent information travelling through the control network from leaking to unauthorizedthird parties, implement the measures described in “■ Measures against Physical Attacks”and “■ Measures against Connection of Unauthorized Devices” on the network switches.

n Limiting System AdministratorsEnsure that only a few reliable persons are registered in the administrative groups of ProSafe-RS.

<5.3 Measures for Secure Use> 5-7


n If Behavior Suspected to be Resulting from Vulnerability is FoundIf you find any behavior of the ProSafe-RS system suspected to be resulting from the vulnera-bility of our products, please inform Yokogawa.

<5.3 Measures for Secure Use> 5-8


6. Utility Programs for SecuritySettings

This section describes the IT Security Tool and other utility programs for security setting.

<6. Utility Programs for Security Settings> 6-1


6.1 IT Security ToolAfter installing the ProSafe-RS software on a PC, the security settings of the PC need to bestrengthened.Using the IT Security Tool, the various security setting items can be comprehensively definedso that you do not need to manually set each item one by one. This tool can be used to con-figure the security settings on PCs installed with the ProSafe-RS software, file server, and do-main controller.The security settings items that can be defined using this tool will be explained below.

n Security Setting ItemsThe following table shows the security items that are configured by the IT Security Tool.

Table 6.1-1 Security Setting Items Set by IT Security ToolCategory Setting Item Description

Access control Creating local users andgroups

Creates users and groups for access control.

Creating domain usersand groups

Creates users and groups on the domain controller for ac-cess control when users are managed in a domain environ-ment.

Access control for filesand folders

Restricts each user or group from accessing files and fold-ers, and running programs.

Access control for productregistry

Restricts each user group from accessing Windows registrykeys.

DCOM setting Access control for DCOM(OPC) objects

Grants rights to run DCOM modules only to the users whobelong to the group for OPC.

Firewall Personal firewall tuning Enables the personal firewall to permit only connections be-tween ProSafe-RS and known destinations.

Local securitypolicies

Local security Grants the rights required to run ProSafe-RS.


<6.1 IT Security Tool> 6-2


Table 6.1-1 Security Setting Items Set by IT Security Tool (Table continued)Category Setting Item Description

Changing IT en-vironment set-tings

Hiding the last logon username

Configures so that the name of the user who last logged onto Windows is not displayed on the Log On to Windows dia-log box.

Applying the software re-striction policies

Restricts the running of programs based on restrictions onpaths.If this measure is applied, software programs other than Pro-Safe-RS may become unable to run.Thus, further setups may be required to run those softwareprograms.This setting is available only on Windows 7 and WindowsServer 2008 R2 computers.

Applying AutoRun restric-tions

Disables AutoRun on connecting an external device to thecomputer.

Applying the StorageDevi-cePolicies function

Disables writing to external storage devices such as USBmemory if this measure is enabled.Even if this restriction is applied, you can temporarily enablewriting to external storage devices by using the StorageDevi-ceCTL utility program.

Disabling USB storage de-vices

Disables USB storage devices if this measure is enabled.Even if this restriction is applied, you can temporarily enableUSB storage devices by using the StorageDeviceCTL utilityprogram.

Disabling NetBIOS overTCP/IP

Disables NetBIOS name resolution.

Changing the LAN Man-ager authentication level

Disables the authentication protocol required for communica-tion with prior Windows NT 4.0 Windows software.

IMPORTANTAfter you run the IT Security Tool specifying to apply the software security policies, the opera-tion on the computer changes as follows:• To start the installer from the software medium, right-click the icon of the installer and se-

lect [Run as Administrator].

• To run a program other than ProSafe-RS program (such as the installer of a graphic carddriver), right-click the icon and select [Run as administrator].

TIP You cannot use the StorageDeviceCTL utility on Windows Server 2008 R2. To release application of the Stor-ageDevicePolicies function or disabling of USB storage devices on Windows Server 2008 R2, you must modi-fy the setting with the IT Security Tool and restart the PC.

SEEALSO For more information about users and groups created by the IT Security Tool, refer to:

2.2.3, “Users/Groups Respect to the Combination of User Management and Security Model” on page2-7

For more information about the StorageDeviceCTL utility, refer to:


For more information about the cautionary notes when software restriction policies are applied, refer to:

3.4.3, “Applying the Software Restriction Policies” on page 3-16



n Security Models Provided by IT Security ToolIT Security Tool can provide the following security models.• ProSafe-RS Legacy Model

• ProSafe-RS Standard Model - Standalone Management

• ProSafe-RS Standard Model - Domain Management

• ProSafe-RS Standard Model - Combination Management

• File Server Legacy Model

• File Server Standard Model - Standalone Management

• File Server Standard Model - Domain Management

• File Server Standard Model - Combination Management

• Domain Controller Standard Model - Domain or Combination Management

For the selected model, you can specify whether to apply the security measure items withcheck boxes. However, it is recommended that you do not clear the check boxes of the de-fault selected items.

Figure 6.1-1 Select Setting Items Dialog Box

After the first installation, the check boxes in the dialog box show the default settings of theselected security model. When security settings are already configured using the IT SecurityTool, the check boxes show the settings that were set last if you haven't changed the securitymodel or user management type.If you have changed the security model or user management type, the check boxes show thedefault settings of the selected security model.



n Setting Items for Legacy ModelThe following table shows the settings available for the Legacy model.

Table 6.1-2 Legacy Model

Setting item Default check boxstate Can be modified

Access control for files and folders Selected No

Access control for product registry Selected No

Access control for DCOM (OPC) objects Selected No

Personal firewall tuning Selected No

Local security Selected No

Changing IT environment settings - Hiding the last logon username Selected Yes

Changing IT environment settings – Applying software restric-tion policies Selected Yes

SEEALSO For more information about creation of users/groups, refer to:


n Setting Items for Standard Model - Standalone ManagementThe following table shows the settings available for the Standard model applying Standalonemanagement.

Table 6.1-3 Standard Model - Standalone Management


Creating local users and groups Selected No






Changing IT environment settings - Changing the LAN Manag-er authentication level Selected Yes

Changing IT environment settings – Hiding the last logon username Selected Yes


Changing IT environment settings - Disabling NetBIOS overTCP/IP Clear Yes

Changing IT environment settings - Applying the StorageDevi-cePolicies function Clear Yes

Changing IT environment settings – Disabling USB storagedevices Clear Yes

Changing IT environment settings - Applying software restric-tion policies(*1) Clear Yes



*1: This setting can be modified only on Windows 7 and Windows Server 2008 R2. If this check box is selected, running of someprograms is restricted according to the Restriction on path.



n Setting Items for Standard Model - Domain ManagementThe following table shows the settings available for the Standard model applying Domainmanagement.

Table 6.1-4 Standard Model - Domain Management



Creating domain users and groups Selected No









Changing IT environment settings - Disabling NetBIOS overTCP/IP Selected Yes


Changing IT environment settings - Disabling USB storage de-vices Clear Yes

Changing IT environment settings - Applying software restric-tion policies (*1) Clear Yes




n Setting Items for Standard Model - Combination ManagementThe following table shows the settings available for the Standard model applying Combinationmanagement.



Table 6.1-5 Standard Model - Combination Management











Changing IT environment settings - Applying AutoRun restric-tions Selected Yes




Changing IT environment settings - Applying software restric-tion policies (*1) Clear Yes




n Setting Items for File Server: Legacy ModelThe following table shows the available settings for the Legacy model on a file server.

Table 6.1-6 File Server: Legacy Model










n Setting Items for File Server: Standard Model - StandaloneManagement

The following table shows the setting items available for the Standard model applying Stand-alone management on a file server.

Table 6.1-7 File Server: Standard Model - Standalone Management






Changing IT environment settings - Applying the audit policy Selected Yes



Changing IT environment settings - Disabling NetBIOS overTCP/IP Clear Yes



SEEALSO For more information about details of user/group creation, refer to:


n Setting Items for File Server: Standard Model - Domain ManagementThe following table shows the available settings for the Standard model applying Domainmanagement on a file server.

Table 6.1-8 File Server: Standard Model - Domain Management













Table 6.1-8 File Server: Standard Model - Domain Management (Table continued)







n Setting Items for File Server: Standard Model - CombinationManagement

The following table shows the available settings for the Standard model applying Combinationmanagement on a file server.

Table 6.1-9 File Server: Standard Model - Combination Management















n Setting Items for Domain Controller: Standard Model - Domain orCombination Management

The following table shows the setting items available for the Standard model applying Domainor Combination management on a domain controller.



Table 6.1-10 Domain Controller: Standard Model - Domain or Combination Management



Access control for files and folders Selected Yes









TIP The IT Security Tool creates only the users and groups that are to be created on the domain.



n Find Out the Applied Security Model and User Management TypeYou can find out the applied security model and user management type in two ways: checkthe security settings on the IT Security Tool or check the records in the log file. On a file serv-er or a domain controller computer, you can check the records in the log file.

l Check the Security Settings on the IT Security ToolFollow these steps to check the settings on the IT Security Tool:1. From the Start menu, select [All Programs] > [YOKOGAWA Security] > [IT Security Tool]

The IT Security Tool starts.

2. Click the [Setup] button.The IT Security Settings dialog box appears. The radio buttons of the applied securitymodel and user management type are selected.

3. Confirm which security model and user management type are selected.

l Check the Records in the Log FileFollow these steps to check the records in the log file:1. Open the following IT security log file: This example is when the system drive is drive C.

C:\ProgramData\Yokogawa\IA\iPCS\Platform\Security\Log\Log.txt2. Search through the log file for a line containing the name of the security setting file. The

following example is when the user management type is Standalone management: If mul-tiple matches are found, use the record with the latest time stamp.Example:

YYYY/MM/DD hh:mm:ss:<STN>:<USER> INFO file name (<path>\<name>.csf)



The elements in the log file record are as follows:

<STN>: Computer name<USER>: User name<path>: Full path to the security setting file<name>: Name of the security setting file

3. Find out the applied security model and user management type from the name of the se-curity setting file.A security setting file is named according to the following conventions:<Product name>-<Installation type>_<Security model>_<User management type>.csf

TIP On a file server computer, the names of the security setting file are as follows:

• Legacy model: PSF-FileServer_Legacy_Standalone.csf

• Standard model with Standalone management: PSF-FileServer_Standard_Standalone.csf

• Standard model with Domain management: PSF-FileServer_Standard_Domain.csf

• Standard model with Combination management: PSF-FileServer_Standard_Combination.csf



6.2 Other Utility ProgramsThis section describes the following utility programs for security setting.• CreateProSafeProcess

• CreateLicenseProcess

• StorageDeviceCTL

n CreateProSafeProcessThis utility program creates the PSF_PROCESS user. It is also used to change the passwordof the PSF_PROCESS user.

l Detailed ExplanationCreateProSafeProcess is used on computers installed with ProSafe-RS or CENTUM VP andon file server computers. This tool creates the PSF_PROCESS user and automatically sets apassword for it. If you want to manage the password, you can specify an option to set a de-sired password.

l Start MethodFollow these steps to start CreateProSafeProcess.1. Log on using an administrative user account.

2. Insert the ProSafe-RS software medium into the drive, start the command prompt win-dow, and move to the following folder.(Drive):\ProSafe-RS\SECURITY

3. Run the following command.ProSafe.Security.CreateProSafeProcess.exeIf the PSF_PROCESS user does not exist, it is created and a password is set automati-cally. The passwords for Windows services registered for use by the PSF_PROCESSuser are also set.If the PSF_PROCESS user already exists, its password is changed to the initial pass-word.

TIP If you want to set a desired password, run the following command.

ProSafe.Security.CreateProSafeProcess.exe –p(password to be set)Setting a password is mandatory. You can set a password within 127 characters. If the PSF_PROCESS userdoes not exist, it is created and the specified password is set. At the same time, the passwords for Windowsservices registered for use by the PSF_PROCESS user are also changed to the specified password.

If the PSF_PROCESS user already exists, its password is changed to the specified password.

IMPORTANTNote the following points when you change the password.• Ensure that the same password is set on all computers on which the PSF_PROCESS

user exists, such as the computers installed with ProSafe-RS or other software packagesthat collaborate with ProSafe-RS and file server computers.

• After you change the password of an existing PSF_PROCESS user, restart the computer.

<6.2 Other Utility Programs> 6-12


n CreateLicenseProcessThis utility program changes the password of the LIC_PROCESS user.

l Detailed ExplanationCreateLicenseProcess is used on computers installed with ProSafe-RS or CENTUM VP andon file server computers. By running this tool, you can set a desired password for theLIC_PROCESS user.

l Start MethodFollow these steps to start CreateLicenseProcess.1. Log on using an administrative user account.

2. Insert the ProSafe-RS software medium into the drive and run the following commandfrom the command prompt window.<Drive>:\ProSafe-RS\SECURITY\Yokogawa.IA.iPCS.Platform.License.CreateLicenseProcess.exe -p(password to be set)

TIP Setting a password is mandatory. You can set a password within 127 characters. At the same time, the pass-words for Windows services registered for use by the LIC_PROCESS user are also changed to the specifiedpassword.

If you run the command without specifying "-p (password to be set)," the currently set password is changed tothe initial password.

IMPORTANTNote the following points when you change the password.• Ensure that the same password is set on all computers on which the LIC_PROCESS

user exists, such as the computers installed with ProSafe-RS or other software packagesthat collaborate with ProSafe-RS and file server computers.

• After you change the password of an existing LIC_PROCESS user, restart the computer.

n StorageDeviceCTLThis utility temporarily cancels the following disabling of storage devices.• Disabling of write permissions set by applying the StorageDevicePolicies function

• Disabling set by applying "Disabling USB storage devices"

l Detailed ExplanationWhen you cannot write to storage devices due to application of the StorageDevicePoliciesfunction or disabling of USB storage devices, you can execute StorageDeviceCTL to cancelthe effect of these security measures temporarily. Writing to storage devices is enabled whileStorageDeviceCTL is running.Start this tool, connect a USB storage device to the PC, and then perform writing tasks. ThePSF_MAINTENANCE right is required to execute the tool.Use this tool only on PCs for which the StorageDevicePolicies function or disabling of USBstorage devices is set.



IMPORTANT• Be sure to make the PC recognize the storage device after starting this tool.

• When the StorageDevicePolicies function or "Disabling USB storage devices" is appliedon Windows Server 2008 R2, you cannot use this utility to cancel the disabling.

• When you start this utility on a PC running Windows Server 2008 which is not installedwith ProSafe-RS, a dialog box confirming stopping of services may be displayed. If dis-played, click the [Close] of the dialog box.

l Start MethodFollow these steps to start StorageDeviceCTL:1. Use Windows Explorer to open the following folder.

This example is when the system drive is drive C.C:\Program Files (x86)\Yokogawa\IA\iPCS\Platform\SECURITY\PROGRAM\However, the location for Windows Vista or Windows Server 2008 is:C:\Program Files\Yokogawa\IA\iPCS\Platform\SECURITY\PROGRAM\

2. Double click the following program file in the folder.Yokogawa.IA.iPCS.Platform.Security.StorageDeviceCTL.exeThe task is displayed only in the task bar immediately after the start.

StorageDeviceCTLstart

Figure 6.2-1 Task Bar

3. Connect the USB storage device to the PC.

4. Read/write necessary data from/to the USB storage device.

5. Remove the USB storage device from the PC.

TIP To remove a USB storage device, right-click the [Safely Remove Hardware and Eject Media] icon from thetask tray and select [Eject USB Flash Disk] to stop the device. For Windows Vista and Windows Server 2008,[Eject USB Flash Disk] is [Safely remove hardware].

6. Click [StorageDeviceCTL] from the task bar and then click [WriteStop].

StorageDeviceCTL

Write stop

Figure 6.2-2 StorageDeviceCTL Dialog Box

StorageDeviceCTL ends and USB storage devices are disabled again.

SEEALSO For more information about the StorageDevicePolicies function, refer to:

3.4.5, “Applying the StorageDevicePolicies Function” on page 3-19

For more information about disabling USB storage devices, refer to:

3.4.6, “Disabling USB Storage Devices” on page 3-20



Revision informationTitle : ProSafe-RS Security Guide

Manual No. : M 32Q01C70-31E

Jan. 2015/4th Edition/R3.02.20 or later*

*: Denotes the release number of the Software Product corresponding to the contents of this Man-ual. The revised contents are valid until the next edition is issued.

General The description of Windows Server 2003 has been deleted, and "user name Administra-tor" has been changed to "built-in Administrator account."

Introduc-tion

ProSafe-RS Document Map has been deleted, and the description of Safety Precautionson Safety, Protection, and Modification of the Product has been changed.

3.3 The description of unused Windows services has been changed.

3.4.1 The description of disabling the built-in Administrator account or changing its user namehas been changed.

5.3 Newly added.

Oct. 2013/3rd Edition/R3.02.10 or later

Introduction Description of station types has been changed.

3.1.1 Access permission to the Domain Properties Setting Tool has been added.

6.2 Description of the utility program CreateProSafeProcess has been changed, and Crea-teLicenseProcess has been added.

Dec. 2012/2nd Edition/R3.02 or later

6.1 Description of how to find out the applied security model and user management type has beenadded.

6.2 Utility program CreateProSafeProcess has been added.

Aug. 2011/1st Edition/R3.01 or laterNewly published

n

For Questions and More InformationOnline Query: A query form is available on the following URL for online query.http://www.yokogawa.com/iss

n Written by Yokogawa Electric Corporationn Published by Yokogawa Electric Corporation

2-9-32 Nakacho, Musashino-shi, Tokyo 180-8750, JAPAN

Rev-1


ProSafe-RS Security Guide - Yokogawa

Documents

Transcript of ProSafe-RS Security Guide - Yokogawa