Course Length: 12 hours

Prerequisites:

• Level 1: OPC & DCOM Diagnostics

Description:

Securing OPC Systems: Students apply security measures that comply with IT policies, industrial best practices, and government (SOX) regulations for cybersecurity. Students learn how to configure the Windows Firewall and the minimal required exceptions for OPC communication. They also learn the minimal set of users and groups that are necessary to include in the System Access Control Lists. This enables integrators to step away from their OPC installation with the confidence that it is properly secure.

DCOM Configuration: The class begins with a series of hands-on exercises designed to put DCOM theory into practice. Students diagnose OPC and DCOM problems, and work to repair them.

Data Execution Prevention: Students learn how to diagnose OPC problems that are caused by misbehaving software. Once the problem is diagnosed, students determine whether or not they should get the software fixed, or if they should configure Windows around the misbehaving software.

OPC and the Firewall: Students configure the Windows firewall to enable OPC communication. This includes both port and protocol exceptions. The class discusses the difference between the Windows firewall and external firewalls.

Access Control Lists: Students configure their OPC applications to permit only the absolute minimum set of Access Control Entries to ensure maximum security. They then allow only the necessary people to gain access. This ensures people are able to have secure OPC implementations that are able to resist access from non-authorized personnel.

Demilitarized Zone (DMZ): Students learn how a DMZ helps satisfy federal, industrial, and company security requirements. The class discusses the DMZ's impact on OPC communication, and the necessary components to ensure a secure and robust communication platform.

To view a list of companies throughout the world with Certified OPC Professional (COP) designation staff, click here

Objectives:

Upon completion of this training, students will:

• Discover DCOM’s inner workings to explain causes of mysterious behavior
• Learn how to properly secure OPC installations by configuring the firewall, Data Execution Prevention, and Access Control Lists
• Eliminate unnecessary Windows Services
• Diagnose OPC issues that result from Windows Authentication
• Learn the applications for a Demilitarized Zone (DMZ) and how it affects OPC installations
• Learn OPC Best Practices to avoid common pitfalls

 Microsoft DCOM Hardening overview:

• Affected systems (and unaffected systems)
• Vulnerabilities solved
• Reason for Microsoft's actions
• How to implement possible solutions
  • Permanent (proper) fix
  • Permanent workaround
  • Temporary fix
  • Do nothing

What's Included:

OPCTI provides the following during training:

• Dedicated use of a computer for the duration of the course
• Level 2: "OPC Security" resource workbook
• Certified OPC Professional Level 2 Certificate (upon successful completion)
• Refreshments

 

Learning Environment:

OPCTI provides hands-on training and as such, each student receives their own dedicated computer for the duration of the training so they can complete all the exercises on their own. (Students can also bring their own laptops.) OPCTI provides all the necessary software licenses. The software used is from various vendors to expose students to various solutions and ensure a vendor-neutral message. At the end of the course, participants receive a demo copy of all the software so they can review the exercises at a later date and/or try out the software at their workplace.