I'm new to this forum and this be my first post here.
I'm Principal Architect-Security Solution, and recently being involved with sec assessment of PI system/sub-systems. I'm starting off with risk assessment in scope of PI-SDK utility, I'm new to PI systems, I did spend time reading manuals and guide on PI system, but skeptical in regard to this otherwise simply utility be a source of threats to OT/IoT networks. I appreciate someone with more domain knowledge than me, can help me validate the following:-
- Can PI SDK utility be trusted to remain secure if allowed to run in DMZ network? As standalone application running on a Windows O/S connecting to DA over port 5040, is risky as anyone with windows account can take control over sdk?
- Should the port communication be digitally signed or encrypted?
- Placing a FW between PI server and utility is it enough to ensure security?
- All sec hardening guidelines are applicable to PI server, but in case of SDK utility, there are not many.
- What are more safer alternates to PI SDK utility as client access technology?