Pilz PCOM sec br2 User manual

PCOM sec br2
Operating Manual-1004534-EN-04

Preface
This document is a translation of the original document.
All rights to this documentation are reserved by Pilz GmbH & Co. KG. Copies may be made
for internal purposes. Suggestions and comments for improving this documentation will be
gratefully received.
Pilz®, PIT®, PMI®, PNOZ®, Primo®, PSEN®, PSS®, PVIS®, SafetyBUS p®,
SafetyEYE®, SafetyNET p®, the spirit of safety® are registered and protected trademarks
of Pilz GmbH & Co. KG in some countries.
SD means Secure Digital

Contents
1 Introduction
1.1 Validity of documentation
1.2 Using the documentation
1.3 Definition of symbols
1.4 Third-party manufacturer licence information
2 Safety
2.1 Intended use
2.2 Safety regulations
2.2.1 Use of qualified personnel
2.2.2 Warranty and liability
3 Security
3.1 General guidelines
3.2 Defense in depth
3.3 Operating environment
3.4 Commissioning
3.5 User accounts
3.6 Operation
3.7 Decommissioning
4 Overview
4.1 Unit features
4.2 Front view
5 Function description
5.1 Block diagram
5.2 VPN tunnel
5.3 Input and output
5.4 USB memory
6 Installation
6.1 General installation guidelines
6.2 Dimensions
7 Wiring
7.1 General wiring guidelines
7.2 Connection
7.3 Network interfaces
8 Configuration
8.1 User interface
8.2 Establish connection to SecurityBridge
8.3 Managing users
8.3.1 Permissions
8.3.2 User groups
8.3.3 Create user
8.3.4 Manage user via RADIUS server
8.4 Create device
8.4.1 Forwarding rules for PSS 4000
8.4.2 Access rules for Generic Devices
8.5 Manage certificates
8.6 Manage logging
8.7 Set operating modes
8.8 Save and secure the configuration
8.9 Check sum monitoring
9 Access to the system in the protected network
9.1 Install client
9.2 Create new client connection
9.3 Log in to client
9.4 Authentication procedure
10 Firmware update
11 Operation
11.1 LED indicators
11.2 Recovery
11.3 Error mode
11.4 Take SecurityBridge safely out of operation
12 Application examples
12.1 PNOZmulti with fieldbus module
12.2 Release of remote access with a key switch
12.3 PSS 4000 with an external control and OPC server
13 Technical details
14 Network data
15 Security-relevant log messages
16 Order reference
16.1 Product
16.2 Accessories

1 Introduction
1.1 Validity of documentation
This documentation is valid for the product PCOM sec br2. It is valid until new
documentation is published.
This operating manual explains the function and operation, describes the installation and
provides guidelines on how to connect the product.
1.2 Using the documentation
This document is intended for instruction. Only install and commission the product if you
have read and understood this document. The document should be retained for future
reference.
1.3 Definition of symbols
Information that is particularly important is identified as follows:
DANGER!
This warning must be heeded! It warns of a hazardous situation that poses
an immediate threat of serious injury and death and indicates preventive
measures that can be taken.
WARNING!
This warning must be heeded! It warns of a hazardous situation that could
lead to serious injury and death and indicates preventive measures that can
be taken.
CAUTION!
This refers to a hazard that can lead to a less serious or minor injury plus
material damage, and also provides information on preventive measures
that can be taken.
NOTICE
This describes a situation in which the product or devices could be damaged
and also provides information on preventive measures that can be
taken. It also highlights areas within the text that are of particular
importance.
INFORMATION
This gives advice on applications and provides information on special
features.
1.4 Third-party manufacturer licence information
This product includes Open Source software with various licences.
You can receive further information by calling up the menu Technical Support → Licence
information in the web application of the SecurityBridge.
The relevant source codes can be requested via [email protected].
Your request should include the following: (a) the firmware name, (b) the firmware version,
(c) your name, (d) your company name (if applicable), (e) your reply address and (f) your
E-mail address (if possible).
Pilz can charge a fee for the data medium and for sending.
The request for the source code must be received 3 years at the latest after the receipt of
the relevant GPL or LGPL. Irrespective of this period we will send you a complete,
machine-readable copy of the source code as long as Pilz offers spares or technical support
for this device.
Pilz permits the purchaser of this product to edit proprietary components from Pilz that are
linked to Open Source components under the LGPL. Further, Pilz permits reverse
engineering for debugging of the edited, proprietary components. The results of reverse
engineering must not be disclosed to any third party and the edited software must not be
distributed to any third party.
This product includes software developed by the OpenSSL Project for use in the OpenSSL
Toolkit (http://www.openssl.org/).

2 Safety
2.1 Intended use
The SecurityBridge PCOM sec br2 is used to protect the PSS4000 and PNOZmulti system
from network-based attacks and unauthorised access over the network.
The SecurityBridge PCOM sec br2 may only be connected to a head module from the PSS
4000 system or to a base unit of the configurable system PNOZmulti (please refer to the
document "PNOZmulti System Expansion" for details of the base units that can be
connected).
The following is deemed improper use in particular:
• Any component, technical or electrical modification to the product,
• Use of the product outside the areas described in this manual,
• Use of the product outside the technical details (see Technical details).
NOTICE
EMC-compliant electrical installation
The product is designed for use in an industrial environment. The product
may cause interference if installed in other environments. If installed in other
environments, measures should be taken to comply with the applicable
standards and directives for the respective installation site with regard to
interference.
2.2 Safety regulations
2.2.1 Use of qualified personnel
The products may only be assembled, installed, programmed, commissioned, operated,
maintained and decommissioned by competent persons.
A competent person is a qualified and knowledgeable person who, because of their
training, experience and current professional activity, has the specialist knowledge required.
To be able to inspect, assess and operate devices, systems and machines, the person has to
be informed of the state of the art and the applicable national, European and international
laws, directives and standards.
It is the company's responsibility only to employ personnel who
• Are familiar with the basic regulations concerning health and safety / accident prevention,
• Have read and understood the information provided in the section entitled Safety,
• Have a good knowledge of the generic and specialist standards applicable to the specific
  application.

2.2.2 Warranty and liability
All claims to warranty and liability will be rendered invalid if
• The product was used contrary to the purpose for which it is intended,
• Damage can be attributed to not having followed the guidelines in the manual,
• Operating personnel are not suitably qualified,
• Any type of modification has been made (e.g. exchanging components on the PCB
  boards, soldering work etc.).

3 Security
3.1 General guidelines
• Please refer to the chapter Operating environment. The product is not designed
  for connecting a network to the internet.
• Perform a risk analysis and plan the security measures carefully. If necessary, seek
  advice from Pilz Customer Support.
• Please note that the product forwards ICMP Echo Request and Response packets
  (ping) and ARP requests and responses between the unprotected and the protected
  network, independent of the configuration. However, the device limits the number of
  packets to make flooding attacks more difficult.
• Please report any security problems of the SecurityBridge to the following E-mail
  address: [email protected]
3.2 Defense in depth
Defense in depth is a security design concept. Several different security measures to
protect from attacks are arranged in series and/or in layers. An attack is made difficult because
the attacker has to circumvent different security measures one after the other. This concept
can be illustrated as follows:
[Fig.: DefenseInDepth. Labels: Company Firewall, Production Network Firewall,
SecurityBridge, PNOZmulti, PSS 4000]
The product PCOM sec br2 secures the devices in the protected network from
network-based attacks and/or unauthorised access via the network. The product is the last layer in
the Defense in depth concept. To efficiently implement the concept, the measures
described in the chapter Operating environment must be noted.

3.3 Operating environment
The product has no measures to protect against physical manipulation and/or against
reading of memory content during physical access. Further, the product cannot secure the
devices in the protected network when the attacker has physical access to the entire
network. Therefore, the product in conjunction with the devices to be protected has to be
installed in a lockable control cabinet. We recommend equipping the control cabinet with a
suitable lock and organising the access to the control cabinet.
[Fig.: Network overview. Labels: Internet, Client PC (VPN client), Firewall for company
network, Company network, Client PC (VPN client), Firewall for production or plant network,
Plant network, Unprotected network, SecurityBridge, Protected network]
To implement the defense in depth concept provided, the product has to be arranged in the
network as shown in the figure "Network overview". The chapter Network data
describes the network protocols that the product uses to communicate with other systems.
Note these protocols when configuring your network environment.
The SecurityBridge cannot protect from network overload or flooding attacks in an
unprotected network. When the unprotected network is overloaded, the protected system may
not be accessible. Therefore, measures should be taken to protect the network
infrastructure from flooding attacks or other overload situations.
The computer on which the VPN client and the configuration tool are run will have to be
protected by a firewall or other appropriate measures against attacks from the internet.
Further we recommend that you use a virus scanner on these computers. Protect the computer
from unauthorised use by assigning passwords, and taking further measures, if required.
We also recommend that the logged in user does not have administrator rights.

3.4 Commissioning
• Before commissioning, create the environment described in the chapter Operating
  environment.
• For the VPN and HTTPS protocols, the device requires an encrypted key that is created
  during commissioning. To exclude an attack during commissioning, please follow the
  instructions in the chapter Establish connection to SecurityBridge.
• Change the default password for the user account "admin".
3.5 User accounts
• Assign only safe passwords. Criteria for a safe password:
  – The password should have at least 8 characters.
  – The password should contain upper and lower case characters, as well as special
    characters and numbers.
  – If possible, the password should not be available in dictionaries.
  – The password should not be made up of standard variants and repetitions or
    keyboard patterns (so not: 1234abcd).
  – Use a password manager for optimum management of complex passwords.
  – When assigning the password, please note that language-dependent characters may
    not be available in all the keyboard languages.
• Make sure you regularly change the passwords of the user accounts on the system and/
  or ask the users to change their passwords themselves.
• Retain the passwords safely and train the personnel to deal with Phishing and Social
  Engineering attacks.
• Strictly separate the user accounts for the product administration and the access to the
  systems in the protected network.
• Make the users aware of the responsible use of their access data.
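The password criteria listed at the start of this section, written out as a check. This is an added example and not part of the Pilz manual or the SecurityBridge firmware; the word list, the keyboard rows, the run length of 4 and the function names are assumptions made for illustration.

```python
# Assumed, constructed word list; a real check would load a full dictionary file.
COMMON_WORDS = {"password", "admin", "welcome", "security", "machine"}
# Digit and letter rows of QWERTY/QWERTZ keyboards, used to spot keyboard patterns.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "qwertzuiop", "asdfghjkl",
                 "zxcvbnm", "yxcvbnm"]
RUN = 4  # assumption: 4 or more characters in a row count as a pattern


def windows(text):
    """All RUN-long substrings of text."""
    return [text[i:i + RUN] for i in range(len(text) - RUN + 1)]


def has_pattern(pw):
    """Standard variants, repetitions or keyboard patterns such as 1234abcd."""
    for chunk in windows(pw.lower()):
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if chunk.isalnum() and steps in ({1}, {-1}):    # 1234, abcd, dcba
            return True
        if steps == {0}:                                 # aaaa, !!!!
            return True
        if any(chunk in row or chunk in row[::-1] for row in KEYBOARD_ROWS):
            return True                                  # qwer, asdf, trewq
    # Whole password built from one short repeated unit: abcabcabc, Ab1!Ab1!
    for n in range(1, len(pw) // 2 + 1):
        if len(pw) % n == 0 and pw[:n] * (len(pw) // n) == pw:
            return True
    return False


def check_password(pw):
    """Return the criteria that pw does not meet; an empty list means acceptable."""
    findings = []
    if len(pw) < 8:
        findings.append("length")
    classes = [any(c.isupper() for c in pw), any(c.islower() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    if not all(classes):
        findings.append("character classes")
    # Strip digits and special characters so that "Password1!" is still recognised.
    letters = "".join(c for c in pw.lower() if c.isalpha())
    if letters in COMMON_WORDS:
        findings.append("dictionary")
    if has_pattern(pw):
        findings.append("pattern")
    # Language-dependent characters may be missing on other keyboard layouts.
    if any(ord(c) > 126 for c in pw):
        findings.append("portability")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for sample in ["1234abcd", "Password1!", "Qwertz!1", "Zürich#7kLmw", "gT7#vQ2!pLx9"]:
        print(f"{sample!r:18} -> {check_password(sample) or 'ok'}")
```
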
3.6 Operation
Please note the following measures when operating the device:
• The computers used to monitor the system must be secured according to general
  best-practice rules for security.
• As soon as possible, install firmware updates that Pilz provides for the device.
• Make sure you regularly check the event log of the product for security-relevant entries. A
  list of security-relevant entries can be found in chapter Security-relevant log
  messages.
• Wherever possible, forward the entries of the event log to a log server (see chapter
  Manage logging). This ensures that the entries will be available for a longer period
  of time, and that it is made more difficult for an attacker to delete entries.
• Regular security updates for the operating system and the installed applications must be
  run on the computer that uses the VPN client.
• Ensure that the setup mode is used only by authorised users. Use a key switch at the
  input I0 to enable the setup mode, for example.
• Unless otherwise documented, you should ensure that all the files created by the
  SecurityBridge can only be used by authorised users.
3.7 Decommissioning
• Make sure that the SecurityBridge is safely decommissioned before disposing of the
  device (see chapter Take SecurityBridge safely out of operation).
• Where possible, perform these steps also when servicing and sending the device to Pilz.

4 Overview
4.1 Unit features
Application of the product PCOM sec br2:
SecurityBridge for safe authentication and communication with a PSS4000 or a PNOZmulti
system.
The product has the following features:
• Configurable via a web-based user interface
• VPN server to build a VPN tunnel for safe transfer of data
• Forwarding rules for IP connections and fieldbuses
• Bypass mode (temporary deactivation of security functions for diagnostic purposes)
• Setup mode for maintenance work
• Output, e.g. to display the status of the connections or the operating mode
• Input to trigger certain functions or event messages (e.g. activating the setup mode)
• USB interface to secure and restore the configuration on a USB memory
• LED display for:
  – Error messages
  – Diagnostics

4.2 Front view
[Fig.: PCOM sec br2. Front view with the label fields: Order number, Serial number,
Hardware version (HW), Firmware version (FW)]
Legend
X1    Network: Ethernet port for connecting the configuration PC
X2    Device: Ethernet port for connecting to the protected system
X3    • 24 V, 0 V: Periphery supply
      • I0: Input
      • O0: Output
X4    24 V (A1), 0 V (A2): Module supply
X5    USB interface for USB memory to save and restore the configuration
LEDs  PWR, DIAG, Bypass, User, Setup, I0, O0

5 Function description
[Fig.: Overview. Labels: Internet, Client PC (VPN client), Firewall for company network,
Company network, Client PC (VPN client), Firewall for production or plant network,
Plant network, Unprotected network, SecurityBridge, Protected network]
The SecurityBridge is used within the company network to prevent unauthorised access to
downstream devices in a protected network. The access from the client PC to the devices
in the protected network can only be achieved using a VPN tunnel. A VPN client is used to
build up a VPN tunnel. In normal circumstances, the VPN client is within the company
network.
Configuration changes to a project can only be performed by users who have a relevant
permission.

5.1 Block diagram
[Block diagram. Labels: Power (Supply A1, A2, + 24 V DC; X4), FE, Network (unprotected; X1),
Device (protected; X2), USB Mass Storage (X5), Input I0, O0, 24 V, 0 V (X3)]
5.2 VPN tunnel
[Fig.: VPN tunnel. Labels: User, Client PC (VPN client), Unprotected network, VPN tunnel,
SecurityBridge, Protected network (local network), PSS 4000, PNOZmulti]
The SecurityBridge acts as VPN server, through which a Virtual Private Network (VPN) can
be established to one or more client PCs (configuration PC). This enables tap-proof,
manipulation-proof data transfer between the client PC and SecurityBridge.
• Only the VPN client from Pilz is supported.
• Up to 5 client connections can exist simultaneously.
• A VPN tunnel can only be built by authenticated, authorised users.
• Data is transferred through the VPN tunnel in an encrypted form.
• Existing VPN connections can be displayed via a digital output on the module.
• As a minimum the user must have permission from the group "PNOZmulti permissions",
  "Network permission", "PSS 4000 permissions" or "Generic Device permissions".
• After 5 failed login attempts from the same client IP address, further login attempts with
  the same IP address will be blocked for 10 minutes.
• The VPN connection can be controlled via a digital input.
• The VPN connection can be signalled via an LED.
5.3 Input and output
The SecurityBridge provides a digital input and a digital output. These can be used for
various functions, as required.
The following functions can be configured on the user interface:
• Functions of the digital input:
  – SSLVPN
    Access to the SecurityBridge via a VPN connection is controlled via the digital input.
    New VPN connections can only be created when there is a 1-signal at the input or, in
    the case of an inverted input, a 0-signal. The connection is broken as soon as the
    configured signal is no longer present at the input.
  – SETUP MODE
    Setup mode can be activated via the digital input. Setup mode is active when there is
    a 1-signal at the input or, in the case of an inverted input, a 0-signal.
• Functions of the digital output:
  – SSLVPN
    A VPN connection is signalled via the digital output. If there is a 1-signal at the output,
    then there is at least one VPN Client connected. If there is a 0-signal at the output,
    then no VPN Client is connected.
  – BYPASS
    Bypass mode is signalled via the digital output. If there is a 1-signal at the output,
    then bypass mode is activated. If there is a 0-signal at the output, then bypass mode
    is not activated.
  – CRC
    A change to the check sum is signalled via the digital output. If there is a 1-signal at
    the output, then at least one project check sum no longer matches the configured
    check sum. If there is a 0-signal at the output, then no check sum has changed.
    Please note that in the menu Security functions the option Check sum monitoring
    must be configured.
  – DEVMON
    Device monitoring is signalled via the digital output. If there is a 1-signal at the output,
    then at least one device that has been configured for monitoring is no longer
    accessible. If there is a 0-signal at the output, then all devices are accessible.
    Please note that in the menu Security functions the option Device monitoring must
    be configured.
  – SETUP MODE
    Setup mode is signalled via the digital output. If there is a 1-signal at the output, then
    setup mode is activated. If there is a 0-signal at the output, then setup mode is not
    activated.

5.4 USB memory
The SecurityBridge has a USB connection, to which you can connect a USB memory to
back up your configuration (see also Save and secure the configuration).
Requirements of the USB memory
• Only use a USB memory from a secure source. A manipulated USB memory could
  damage the system.
• The USB memory must comply with the transfer protocol Mass Storage Device Class
  (USB MSC or UMS).
• The USB memory must contain a Master Boot Record (MBR).
• The first partition of the USB memory must be formatted as a VFAT file system.
• In the event of an ambient temperature of over 45 °C, note that the temperature of the
  connected USB memory could rise to over 70 °C.
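A pre-check of a USB memory image against the two layout requirements above (MBR present, first partition VFAT), for use on a workstation before the stick is inserted. This is an added example, not Pilz code and not a description of what the SecurityBridge does internally; it assumes 512-byte sectors and treats the FAT partition types as VFAT, and the function names and test images are constructed for illustration.

```python
import struct

SECTOR = 512  # assumption: 512-byte logical sectors
FAT_TYPES = {0x01: "FAT12", 0x04: "FAT16", 0x06: "FAT16", 0x0B: "FAT32",
             0x0C: "FAT32 (LBA)", 0x0E: "FAT16 (LBA)"}


def first_partition(mbr: bytes):
    """Parse sector 0; return (type, start_lba, sectors) of entry 1 or raise ValueError."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR: boot signature 55 AA missing")
    entries = [mbr[446 + 16 * i:462 + 16 * i] for i in range(4)]
    # A FAT boot sector written straight to sector 0 ("superfloppy") also ends in 55 AA.
    # There the bytes from offset 446 are boot code, so a status byte other than
    # 00 or 80 shows that this is not a partition table.
    if any(e[0] not in (0x00, 0x80) for e in entries):
        raise ValueError("no MBR: sector 0 has no valid partition table")
    _status, ptype, start, count = struct.unpack("<B3xB3xII", entries[0])
    if ptype == 0 or count == 0:
        raise ValueError("first partition entry is empty")
    return ptype, start, count


def check_usb_image(image: bytes) -> list:
    """Return a list of findings; an empty list means both layout requirements are met."""
    try:
        ptype, start, _count = first_partition(image[:SECTOR])
    except ValueError as exc:
        return [str(exc)]
    if ptype == 0xEE:
        return ["GPT protective MBR: first partition is not a VFAT partition"]
    findings = []
    if ptype not in FAT_TYPES:
        findings.append(f"first partition type 0x{ptype:02X} is not FAT")
    vbr = image[start * SECTOR:(start + 1) * SECTOR]
    if len(vbr) < SECTOR or vbr[510:512] != b"\x55\xaa":
        findings.append("first partition has no boot sector signature")
        return findings
    bytes_per_sector = struct.unpack_from("<H", vbr, 11)[0]
    if bytes_per_sector not in (512, 1024, 2048, 4096):
        findings.append(f"implausible bytes per sector: {bytes_per_sector}")
    # FAT12/16 keep the file system string at offset 54, FAT32 at offset 82.
    if not any(s.startswith(b"FAT") for s in (vbr[54:59], vbr[82:87])):
        findings.append("first partition is not formatted as FAT (VFAT)")
    return findings


def build_image(ptype: int, fs_string: bytes, fs_offset: int) -> bytes:
    """Constructed image: MBR plus one partition at LBA 2048 holding only a boot sector."""
    mbr = bytearray(SECTOR)
    mbr[446:462] = struct.pack("<B3xB3xII", 0x00, ptype, 2048, 8192)
    mbr[510:512] = b"\x55\xaa"
    vbr = bytearray(SECTOR)
    vbr[0:3] = b"\xeb\x58\x90"                    # jump instruction
    struct.pack_into("<H", vbr, 11, 512)          # bytes per sector
    vbr[fs_offset:fs_offset + len(fs_string)] = fs_string
    vbr[510:512] = b"\x55\xaa"
    return bytes(mbr) + bytes(2047 * SECTOR) + bytes(vbr)


def build_superfloppy() -> bytes:
    """Constructed image: FAT32 boot sector directly in sector 0, no partition table."""
    vbr = bytearray(build_image(0x0C, b"FAT32   ", 82)[2048 * SECTOR:])
    vbr[90:510] = b"\x90" * 420                   # stand-in for boot code
    return bytes(vbr)


if __name__ == "__main__":
    samples = {"MBR + FAT32": build_image(0x0C, b"FAT32   ", 82),
               "MBR + NTFS": build_image(0x07, b"NTFS    ", 3),
               "superfloppy": build_superfloppy()}
    for name, img in samples.items():
        print(f"{name:12} -> {check_usb_image(img) or 'ok'}")
```

For a real stick, pass the bytes of a raw image that covers at least the first sector of the first partition.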
Using the USB memory
An inserted USB stick can be formatted and incorporated via the user interface of the
SecurityBridge.
When a USB stick is inserted and it has been formatted by the SecurityBridge, it is
automatically incorporated.
You can save your configuration to the USB stick and restore it from there.
When the USB stick is incorporated, the configuration is saved automatically to the USB
stick when the active configuration is transferred into the start configuration.
CAUTION!
When using the USB backup, make sure that the SecurityBridge and USB
memory are protected against unauthorised access (by placing the
SecurityBridge in a locked control cabinet, for example).

6 Installation
6.1 General installation guidelines
• The unit should be installed in a control cabinet with a protection type of at least IP54. Fit
  the unit to a horizontal mounting rail. The venting slots must face upward and downward.
  Other mounting positions could destroy the device.
• Use the locking elements on the rear of the unit to attach it to a mounting rail. Connect
  the device to the mounting rail in an upright position, so that the earthing springs on the
  device are pressed on to the mounting rail.
• The ambient temperature of the devices in the control cabinet must not exceed the figure
  stated in the technical details. Air conditioning may otherwise be required.
• To comply with EMC requirements, the mounting rail must have a low impedance
  connection to the control cabinet housing.
NOTICE
Damage due to electrostatic discharge!
Electrostatic discharge can damage components. Ensure against discharge
before touching the product, e.g. by touching an earthed, conductive
surface or by wearing an earthed armband.
6.2 Dimensions
[Dimensional drawing: 94 (3.70"), 45 (1.77"), 121 (4.76")]

7 Wiring
7.1 General wiring guidelines
Please note:
• Information given in the Technical details must be followed.
• Use copper wire that can withstand 75 °C.
• The cable length of the cables connected to the inputs and output must be a max. of 30 m.
• The supply of the module and the supply of the SC outputs are galvanically isolated.
• Module supply:
  – Polarity protection
  – Overvoltage protection
  Protect the supply voltage as follows:
  – Circuit breaker, characteristic C - 6 A
  or
  – Blow-out fuse, slow, 6 A
• Supply to the SC outputs:
  – Polarity protection
  – No voltage stabilisation
7.2 Connection
[Connection diagrams. Labels:
Supply to the module X4: A1, A2, 6 A, 0 V, + 24 V DC
Supply to the SC outputs X3
Input X3: 24 V DC, I0
Output X4: 24 V DC, O0, 0 V]