
I used this MS link to put together a TCP server in C# on a PC. I'm holding the port open and waiting for connections to be established by various PLC clients. The PLCs are in moving autonomous bots, so they move in and out of Wi-Fi range. I'm using this setup to acquire running variables (battery %, etc.) from the bots and display them in a UI for the system administrator to monitor.

I set up the router with port forwarding so that the data arrives on the server PC from the various clients. I'm using Siemens S7-1200 PLCs and I don't believe that they support high-end security features like PCs.

So my question is this: if the admin PC is running a Windows service that constantly monitors the open port, then is there a security risk? And if there are risks, can you please explain and support with links or resources to help me patch these holes (in C#)?

It seems safe to me because if the PC is off, the port is closed. If the PC is on, the port is open but is bound to the application monitoring it. If the port receives something that it does not deem valid it just dumps that data. I am not incredibly knowledgeable on software and PC security, but this is slightly different because it is a single PC interfacing with less capable hardware.

ZF007
itstudes

  • Having a port open has an element of risk; it is up to your app how you handle it. Usually you hear of buffer overruns etc. giving people access. The level of risk also depends on what your bots can do. So for example, if someone could get on the Wi-Fi and Wireshark the traffic, and these bots maybe turned off machinery, your risk would be that your machinery could be constantly turned off by a rogue item, or it could crash the app so nothing could turn it off, etc. – BugFinder Jul 14 '16 at 09:56
  • There is no security threat from keeping a port open since no executable code is being run on the server. You are prone to a Traffic Attack where a client constantly sends data on the port and blocks other users from making connections. – jdweng Jul 14 '16 at 10:12
  • @BugFinder if you were to handle buffer overflows and drop any unknown messages, then the system should not fail? – itstudes Jul 14 '16 at 10:20
  • @tdwolff I wouldn't guarantee it, because it depends a lot on what can be done, and the determinedness of the person wanting to get in; however, the more effort you put in, the better. Some people will tell you you can hack in via ping (for example). I'd like to think you can't actually do that much, but... – BugFinder Jul 14 '16 at 10:22
  • @jdweng even though no executable code is being run, I want to prevent unauthorized access to the server. Also, is there a way to prevent a traffic attack? – itstudes Jul 14 '16 at 10:32

1 Answer

Having a port open exposes you to anyone connecting to that port and providing bad information, exposing a vulnerability in your message parsing and socket handling implementation (buffer overflow or script injection), or just swamping your application with traffic. The last one is almost impossible to protect against; someone can always DoS you at some level.

None of these are unexpected risks, but you need to be aware of them and ensure that you properly scrub incoming traffic to reject malformed requests and somehow authenticate and drop connections that aren't from the bots you expect.

If you do make an authentication step, you'll want to encrypt the channel before authentication using something like SSL or SSH. Otherwise, someone else could watch your traffic, observe the authentication transaction, and then just copy it.

Best of luck! Security is a deep rabbit hole, but a very valuable skill!
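The scrubbing, authentication and encryption steps the answer recommends, as an added C# example (not code from the question or the answerer): a TLS listener that requires a client certificate, enforces a fixed frame format with a size cap, and closes the connection on anything else, including a peer that stalls. It assumes .NET 7 or later, a placeholder PFX path and password, and bot-side (or gateway-side, if the PLCs cannot speak TLS themselves) certificates issued by a CA the server PC trusts.

```csharp
// Added example, not from the original post. Assumes .NET 7+, a server PFX at the
// placeholder path below, and client certs that chain to a CA the server PC trusts.
using System;
using System.Buffers.Binary;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;

const int MaxFrame = 512;                   // telemetry is tiny; a longer frame is malformed
var readTimeout = TimeSpan.FromSeconds(10); // a slow or silent peer is dropped, not held open
var cert = new X509Certificate2("PLACEHOLDER_server.pfx", "PLACEHOLDER_password");
var listener = new TcpListener(IPAddress.Any, 5000);
listener.Start();
while (true)
    _ = HandleAsync(await listener.AcceptTcpClientAsync());

async Task HandleAsync(TcpClient client)
{
    // Disposing the SslStream also closes the socket underneath it.
    using var ssl = new SslStream(client.GetStream(), leaveInnerStreamOpen: false,
        (_, peerCert, _, errors) => peerCert != null && errors == SslPolicyErrors.None);
    try
    {
        // Encrypt first, then authenticate: only a peer with a trusted cert gets past here.
        await ssl.AuthenticateAsServerAsync(cert, clientCertificateRequired: true,
            checkCertificateRevocation: false);
        string? frame;
        while ((frame = await ReadFrameAsync(ssl).WaitAsync(readTimeout)) != null)
            Console.WriteLine($"{client.Client.RemoteEndPoint}: {frame}");
    }
    catch (Exception e) when (e is IOException or AuthenticationException or TimeoutException)
    { /* truncated frame, TLS failure or timeout: the connection is simply closed */ }
}

// Assumed wire format: 4-byte big-endian length + UTF-8 payload. Returns null (the caller
// then drops the peer) on anything that does not match.
async Task<string?> ReadFrameAsync(Stream s)
{
    var hdr = new byte[4];
    await s.ReadExactlyAsync(hdr);                        // throws if the peer hangs up early
    int len = BinaryPrimitives.ReadInt32BigEndian(hdr);
    if (len <= 0 || len > MaxFrame) return null;         // never allocate what the peer asks for
    var body = new byte[len];
    await s.ReadExactlyAsync(body);
    try { return new UTF8Encoding(false, throwOnInvalidBytes: true).GetString(body); }
    catch (DecoderFallbackException) { return null; }    // invalid UTF-8 is rejected
}
```

The per-frame timeout and size cap limit what a single misbehaving client can cost the server, but as the answer notes they do not stop someone from flooding the port itself; that has to be handled at the router or firewall.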