Cybersecurity

Cybersecurity Guidelines

Use this product inside a secure industrial automation and control system. Total protection of components (equipment/devices), systems, organizations, and networks from cyber attack threats requires multi-layered cyber risk mitigation measures, early detection of incidents, and appropriate response and recovery plans when incidents occur. For more information about cybersecurity, refer to the Pro-face HMI/IPC Cybersecurity Guide.

POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND CONFIDENTIALITY

Change default passwords at first use to help prevent unauthorized access to device settings, controls and information.
Disable unused ports/services and default accounts, where possible, to minimize pathways for malicious attacks.
Place networked devices behind multiple layers of cyber defenses (such as firewalls, network segmentation, and network intrusion detection and protection).
Apply the latest updates and hotfixes to your Operating System and software.
Use cybersecurity best practices (for example: least privilege, separation of duties) to help prevent unauthorized exposure, loss, modification of data and logs, interruption of services, or unintended operation.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Security Features Provided

This product provides the following security features. These features provide security capabilities which contribute towards protecting the product from potential security threats.

Security Enhanced Project File (*.prxe)
Project files can be saved in PRXE format with enhanced security through file encryption.
Creating a Project - Start / Create Screen / Save / Exit

Project File Password
You can add security to projects by setting a project password required to edit or transfer a project.
Setting up a Password for Project and Project Data
Secure Transfer with Passwords

Password / User ID
You can control users who can access the display unit and its parts with a password and user ID.
Settings Menu

Operation Log
Maintaining a history (log) of operations on the display unit is useful in analyzing causes of problems, such as what operations were run before an error occurred.
Save Operation History

Connection Key
You can set up authentication of the Connection Key for display unit communication with either the GP-Pro EX Transfer Tool or GP-Viewer EX.
How the Connection Key Works

Port Control
For each function, you can now set ports open or closed.
System Settings [Display Unit] - [Port Control] Settings Guide

FTP Function
Supports encryption of transmission data using FTPS.
Remote Viewer - FTP

Notes on safe operation

Build a secure network to prevent unauthorized access

Build a communication environment using encrypted communication.

By using Pro-face Connect or IPsec, you can build networks with encrypted communication environment.
Using Pro-face Connect's System
Encrypting Communication Data Using IPsec
When you cannot use Pro-face Connect or IPsec, establish an encrypted communication environment such as a VPN.
(Example: When connecting WinGP and mobile apps such as Pro-face Remote HMI)

Make sure your network is secure before establishing communication and transferring data over Ethernet.

Select a transfer option that is not based on Ethernet communication. (For example: USB cable or external storage)
Transferring Project Files via USB Transfer Cable
Transfer using external storage

Open the data communication port only when using a communication service.

Protect your computer with a firewall and use the computer on a trusted network.

Prevent unauthorized operations from third parties

Use Windows security features such as password settings, automatic logout, and so on.

If you use a Windows administrator account, define secure passwords and security settings.

Use the display unit’s security feature.

Use the automatic logout feature.
Provide the security level to unlock to a limited number of users only.
To prevent unauthorized communication between the display unit and PC, set up a connection key.
How the Connection Key Works

IPC Series, PC/AT

Operate the run time on trusted computers only.
Use Windows security features such as password settings, automatic logout, and so on.
Set secure passwords and security for your projects.

Protect against information tampering

To protect your computer and enhance security settings, use the following guidelines which are based on cybersecurity best practices (including antivirus software, operating system updates, strong password policies, and application allowlist software).
https://www.pro-face.com/trans/en/manual/1087.html

Manage your own data carefully.

Apply a password to your project for protection.
Project Information - Password

When using USB cable or Ethernet transfer options, from [Send/Receive Project File] enable [Password].
Secure Transfer with Passwords

Use GP-Pro EX on trusted computers only.

In a local network (LAN) environment, prepare a secure communication environment to prevent third party intervention.
(For example: Strict control of the installation place of the LAN hub between GP-Pro EX and the display)

As password setting data includes security information, store in a secure environment.
Creating Password Settings

After GP-Pro EX is installed, any files (such as project files, package files and exported files) that are created or output are not deleted when GP-Pro EX is uninstalled. We recommend reviewing contents carefully and either managing or deleting the files.

Uninstalling WinGP does not delete any files (such as project files and exported files) used by WinGP or generated by WinGP. We recommend reviewing contents carefully and either managing or deleting the files.