PLC-5 Protected Processors (Cat. No.
Important User Information Because of the variety of uses for the products described in this publication, those responsible for the application and use of this control equipment must satisfy themselves that all necessary steps have been taken to assure that each application and use meets all performance and safety requirements, including any applicable laws, regulations, codes, and standards.
Preface Using This Supplement Introduction This supplement describes how to use the security features provided by a PLC-5/26t, PLC-5/46t, or PLC-5/86t protected processor. Audience The information in this supplement is intended primarily for the system administrator—a user with unique privileges who can control access to critical areas of the protected processor’s program. End users—operators with restricted access to the processor’s program —can also benefit from reading this supplement.
Preface Using This Supplement Related Publications The 1785 PLC-5 Programmable Controller documentation is organized into manuals according to the tasks that you perform.
Table of Contents PLC-5 Protected Processor Supplement Table of Contents Planning for a Protected System Chapter 1 Configuring Passwords and Privileges Chapter 2 Configuring and Using Data-Table Element Protection Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 1 Planning for a Protected System Introduction The PLC-5 protected processor’s security features are designed to limit access to critical areas of your program: • providing for more consistent operation of your machine/process • helping you reduce the risks associated with unauthorized program modification The protected processor is designed to improve security by helping you prevent: • I/O forcing of specific module groups • unauthorized manipulation of specific segments of data-table wor
Chapter 1 Planning for a Protected System To control: Enhanced PLC-5 processors let you: In addition, protected processors let you use DTEP to: I/O Forcing Allow or disallow the I/O-Force privilege for a class of users Gives only total or no control Prevent modification of specific module groups by I/O forcing initiated by an end user Data-Table Write Allow or disallow the Logical-Write privilege for a class of users Gives only total or no control Prevent writes to specific segments of data-table w
Chapter 1 Planning for a Protected System Passwords and Privileges Tip Maintaining control over the privilege to modify privileges is critical to the successful use of the DTEP mechanism. The privilege classes in a PLC-5 processor are not necessarily hierarchical. Class-1 privileges are considered “higher” than the others only because no one can remove the privilege to modify privileges from class 1.
Chapter 1 Planning for a Protected System Tip The status-file location of the value for the DTEP file (S:63) is protected automatically; therefore, you do not have to protect it individually.
Chapter 1 Planning for a Protected System S:17 CTU COUNT UP 11 Counter CU C5:0 Preset 10 Accum 0 DN S:17 U 11 As a means of monitoring end-user attempts to bypass security mechanisms, you can monitor the status-file minor-fault bit (S:17/11). This bit indicates a protection-violation attempt. It can be used to count intrusion attempts if you add a rung of ladder logic that increments a counter and clears the minorfault bit on each attempt.
Chapter 2 Configuring Passwords and Privileges Using this Chapter If you want to read about: Go to page: Guidelines for assigning passwords and privileges 2-2 Assigning passwords and privileges to classes 2-3 Assigning default privilege classes for channels and offline files 2-6 Assigning read and write privileges for channels 2-7 Assigning privileges for specific stations/nodes 2-8 Assigning read and write privileges for a program file 2-9 Assigning read and write privileges for a data-ta
Chapter 2 Configuring Passwords and Privileges Guidelines for Assigning Passwords and Privileges The privilege classes are the upper-level organization for the password structure.
Chapter 2 Configuring Passwords and Privileges Assigning Passwords and Privileges to Classes As system administrator, you can assign a unique password to each of four privilege classes (classes 1-4). For each class, you can then assign access to certain software operations (such as modifying program files, data-table files, or channel configurations). Assigning Passwords to Classes To assign a password to a class, follow the steps on the left.
Chapter 2 Configuring Passwords and Privileges For example, you can decide that class 1 is for the system administrator, class 2 for plant engineers, class 3 for maintenance engineers, and class 4 for operators.
Chapter 2 Configuring Passwords and Privileges If you want a class to have the ability to: Enable this privilege/operation: Enable/Disable privileges for each class Important: If you are using DTEP, disable this privilege for every class except class 1 (system administrator).
Chapter 2 Configuring Passwords and Privileges Assigning Default Privilege Classes to Communication Channels and Offline Files Communication channels and offline files start out with class-1 privileges. Assign a new default privilege class for a communication channel or offline file by following the steps on the left. 6200 Main Menu Online Program or A default privilege class determines the class of a particular channel and of all stations/nodes attached through that channel.
Chapter 2 Configuring Passwords and Privileges Assigning Read and Write Privileges for Communication Channels The read and write privileges that you see on the Channel Privileges screen apply to a privilege class’ read and write access to the Channel Configuration screen of each channel. Important: Removing both read and write access from class 1 for a channel prevents even you, the system administrator, from configuring that channel.
Chapter 2 Configuring Passwords and Privileges Assigning Privileges for Specific Stations/Nodes 6200 Main Menu Online Program or Each station/node that attaches to this processor’s DH+ channel defaults to the privilege class that is assigned to its channel; as system administrator, however, you can give a particular node a unique privilege class. Important: • Node privilege classes override the default privilege class of the channel that is assigned on the Channel Privilege screen.
Chapter 2 Configuring Passwords and Privileges Assigning Read and Write Privileges for a Program File As system administrator, you can assign read and write privileges for each program file in a processor in order to limit the ability of users to view or change it. Important: or Offline Program F1 You cannot modify read and write privileges to system (file 0) or undefined files.
Chapter 2 Configuring Passwords and Privileges Assigning Privileges for a Data-Table File As system administrator, you can assign read and write privileges for each data-table file in a processor in order to limit the access of users to view or change data-table file values. Important: or Offline Program F1 You cannot modify read and write privileges to undefined files.
Chapter 2 Configuring Passwords and Privileges Restoring Default Privilege Classes As system administrator, you can restore default privileges for a class if the current edits have not yet been saved. To restore default privileges, follow the steps on the left.
Chapter 3 Configuring and Using Data-Table Element Protection Using this Chapter If you want to read about: Go to page: Creating a protection file 3-1 Setting up a protection file 3-2 Entering data-table ranges into a protection file 3-3 Screening commands 3-5 Protecting from offline changes 3-5 Understanding restrictions placed on the system 3-6 Testing the protection file 3-8 As system administrator, implement DTEP by: Creating a Protection File 6200 Main Menu • obtaining system-admi
Chapter 3 Configuring DTE Protection Initiating the Protection Mechanism Entering the file number of the DTEP file into element 63 of the status file (S:63) automatically initiates the DTEP mechanism for end users. 6200 Main Menu As system administrator, use the steps at the left and enter a ladder instruction moving the desired DTEP file number into S:63 of the status file. Online Program This ladder instruction can be temporary as long as it executes once to set the value in the status file.
Chapter 3 Configuring DTE Protection Entering Data-Table Ranges into the Protection File As system administrator, you specify ranges of protection in the DTEP file using three consecutive words for each range entry. Enter the file ranges that you want protected by following the steps on the left. 6200 Main Menu Address N10:0 N10:10 Online Program 0 1 0 0 2 0 0 3 0 0 4 0 0 5 0 0 6 0 0 7 0 0 8 0 0 9 0 0 F1 Cursor to Progam File Monitor File F8 Press a function key or enter a value.
Chapter 3 Configuring DTE Protection Tip Even if you, as system administrator, have already removed the privilege to write to a data-table file, you can still protect it with DTEP and benefit from DTEP’s more extensive protection features (e.g., against unauthorized writes by enduser output instructions). This is important because the protected processor scans the file completely, from the first to the last element, when verifying the file as well as when screening the DTEP-screened commands. Figure 3.
Chapter 3 Configuring DTE Protection Screening Commands During online program editing by the end user, the protected processor screens all communications commands that can be used to modify data-table elements, manipulate addresses, or force I/O. If the DTEP mechanism is enabled—i.e., the user cannot modify privileges and there is a valid DTEP file indicated in S:63—the protected processor screens each command for access to protected data-table areas. This process checks all ranges in the DTEP file.
Chapter 3 Configuring DTE Protection As system administrator, you should have set up the basic protection for the processor application using the passwords and privileges capabilities discussed in Chapter 2. While doing this, you should have removed write privileges from all classes (except class 1) for all program and data files that you consider to be critical for the security of the application program.
Chapter 3 Configuring DTE Protection Indexed Addressing Because indexed addressing lets the end user determine the effective datatable address at run time by manipulating the status-file index word (S:24) location in ladder program, another risk could exist.
Chapter 3 Configuring DTE Protection Testing the Protection File When processing each protection-screened command while protection is enabled, the validation process checks to make sure that the: • DTEP file - exists - is an integer file • data-table file number is valid • range of values in the DTEP file are valid • file numbers exist • starting/ending element value pairs are equal or in increasing order • ranges represent words actually located in the indicated data-table file If any of thes
Index PLC-5 Protected Processor Supplement A areas to protect, 1-4 attempts to bypass security mechanisms, monitoring, 1-5 audience for this supplement, i C classes assigning privileges to, 2-2 changing, 2-11 definition, i commands screened, i, 1-3 screened by protection mechanism, 3-5 communication channel assigning default privilege class to, 2-6 limiting access to, 1-1 protecting, 1-3 control structures, protecting, 1-4 coprocessor port, 3-7 critical data tables, protecting, 1-4 D data files limiting
Index PLC-5 Protected Processor Supplement F files, downloaded, 3-5 flexibility, maintaining for end users, 1-4 I I/O force operations, protection from during download, 3-5 I/O forcing preventing, 1-1, 1-2, 1-3 protection from during downloading, 1-4 indexed addressing, 3-7 indirect addressing, 3-6 instructions screened during downloading, 3-5 integer storage registers, protecting, 1-4 J jumps to subroutines (JSRs), using to maintain flexibility for end users, 1-4 M modification of your logic, protectin
Index PLC-5 Protected Processor Supplement programming software, passwords-and-privileges function, 1-1 choosing, 2-1 protected processor advantages, 1-2 benefits, 1-1, 1-3 features, 1-1 requirements hardware, 1-2 software, 1-2 restrictions placed on the system, 3-6 protected system implementing, 1-2 limits, 3-6 planning for, 1-1 requirements, 1-2 testing, 1-2, 3-2, 3-8 protection file, creating, 3-1 protection violation, setting minor-fault bit, 3-5 protection-range entries example, 3-4 validation, 3-4 pr
Allen-Bradley has been helping its customers improve productivity and quality for 90 years. A-B designs, manufactures and supports a broad range of control and automation products worldwide. They include logic processors, power and motion control devices, man-machine interfaces and sensors. Allen-Bradley is a subsidiary of Rockwell International, one of the world’s leading technology companies. With major offices worldwide.