Hi PLCnext-Community,
we are trying to improve the security of our controllers. As it is, we are currently storing secrets on the controllers for use by our projects. For example, we need to send files to remote servers, therefore we need to store the passwords for accessing these servers.
We also would like to have a python application that has write access to the PLCs global data space. That access is password-protected (which is good), but if the python application is running on the same controllers that it is accessing, then the password also needs to be stored on that controller.
Are there any procedures or methods for storing such passwords as securely as possible?
The ideal solution would protect against an attacker with physical access. In other words: Even if an attacker were to hold the controller in their hands, they would be unable to retrieve the password from the device.
The next best level would be protection against an attacker with remote access, meaning the passwords are safe from someone that can log into the controller using SSH.
And so on…
I’m interested in any tips and opinions! What methods do you use? What level of protection is achievable?
Best regards,
Daniel