Cyberattacks Countermeasures

FactoryTalk Remote Access - Help

Important user information

FactoryTalk® Remote Access™ Release Notes

Getting Started

Introduction

Abbreviations and acronyms

System architecture

System items interaction

Connection between FactoryTalk Remote Access Manager and remote devices

Client and server connectivity

Proxy

Security Architecture Whitepaper

Network and protocol design

Transport security

Remote Access Tools Security

Authentication

Operation Audit

Authorization

Cyberattacks Countermeasures

Data center

Software Updates

Data Breach Policy

Best Practices

System components

FactoryTalk Remote Access

FactoryTalk Remote Access Manager Tools

Stratix 4300 Remote Access Router

Router factory settings and identification

Protection against domain change

OptixPanel Graphic Terminals

Embedded Edge Compute Module

OptixEdge

ASEM 6300 iPC

ASEM 6300B Box PC

ASEM 6300P Panel PC

ASEM 6300PA On-Machine Industrial PC

Runtime (for third party devices)

FactoryTalk Remote Access Manager

FactoryTalk Remote Access Manager overview and related entities

Organizations, domains and domain subfolders

Access protection

Menu Tree

Explorer

Geolocation

Audit

Settings

Tools

Log

FactoryTalk Remote Access Manager Tools

Interactive Access

(Interactive Access) Remote desktop

(Interactive Access) Processes

(Interactive Access) Explorer

(Interactive Access) Connection

(Interactive Access) Information

(Interactive Access) Log

Device Setup

Connection Settings

Start FactoryTalk Remote Access

Create your MyRockwellAutomation account

Log in to FactoryTalk Hub

Create an organization and a domain

Invite users to an organization

Organization activities

Manage domains and related entities

Domain roles and domain groups

Domain user permissions

Create a domain subfolder

Groups creation

Device registration to domain

Device move and removal

Runtime registration

Invite users to a device

View and manage invited users and related permissions

Domain roles and domain groups

Subdevices

Add a subdevice

Add a service

Custom service application example

Launch a service

Subdevices management

Approve remote access

Request Assistance

Firewall settings

Routing rules

Entitlements

Features comparison

Basic entitlement on ASEM 6300 iPC

Software components setup and installation

FactoryTalk Remote Access Manager Tools installation

Language setup

Runtime configuration

Windows Runtime installation and configuration

Ubuntu 22 Runtime installation and configuration

Ubuntu 22 keys reference table

Runtime command lines

FactoryTalk Remote Access entitlement activation

Local connection

Internet Sharing

Runtime service in a Docker container

Runtime features supported in Container

Step-by-step setup guide

Requirements

Install Docker and Docker Compose

Unpack components from the installation folder

Upload Docker images

Configure features supported in the container

Enable the Remote Desktop Protocol (RDP)

Enable a VPN connection

Validate configuration

Run Docker Runtime

Runtime container exposed ports

Updates

Runtime and firmware update

Over the air update for Windows Runtime

Over the air update for firmware

FactoryTalk Remote Access Manager Tools update

Ubuntu 22 Runtime update

Quick reference guide

FactoryTalk Remote Access Manager Best Practices

How to create an organization or domain

How to activate a entitlement

How to establish a remote desktop connection

How to establish a VPN connection with a remote device

How to establish a VPN connection

How to set permissions rights

How to view operations log

How to implement any network safety settings

Which ports and public IPs shall I allow through my company firewall?

Runtime connection lost

Enable FactoryTalk Remote Access for FactoryTalk Design Studio

Cyberattacks Countermeasures

This section briefly describes

FactoryTalk® Remote Access™

countermeasures to help protect against some common cyberattacks.

Brute force detection

After a few unsuccessful sign in attempts, Access Server blocks all the incoming public IP addresses for a few minutes.

This measure makes brute force JSON Web Token (JWT) attack attempts ineffective.

Code Signing

FactoryTalk® Remote Access™

application binaries are signed with a private key. This confirms that users can validate the authenticity and integrity of

FactoryTalk® Remote Access™

applications.

Man-in-the-middle

Access Server, Web APIs, and Frontend-Runtime connections all use end-to-end encryption (explained earlier) that make man-in-the-middle attacks not possible.

Security Architecture Whitepaper

Provide Feedback

Have questions or feedback about this documentation? Please submit your feedback here.

Normal