The Joint Accelerator Conferences Website (JACoW) is an international collaboration that publishes the proceedings of accelerator conferences held around the world.
TY - CONF AU - Golonka, P. AU - Kamarainen, H.T.T. ED - Corvetti, Lou ED - Riches, Kathleen ED - Schaa, Volker RW TI - Securing Access to Controls Applications with Apache httpd Proxy J2 - Proc. of ICALEPCS2015, Melbourne, Australia, 17-23 October 2015 C1 - Melbourne, Australia T2 - International Conference on Accelerator and Large Experimental Physics Control Systems T3 - 15 LA - english AB - Many commercial systems used for controls nowadays contain embedded web servers. Secure access to these, often essential, facilities is of utmost importance, yet it remains complicated to manage for different reasons (e.g. obtaining and applying patches from vendors, ad-hoc oversimplified implementations of web-servers are prone to remote exploit). In this paper we describe a security-mediating proxy system, which is based on the well-known Apache httpd software. We describe how the use of the proxy made it possible to simplify the infrastructure necessary to start WinCC OA-based supervision applications on operator consoles, providing, at the same time, an improved level of security and traceability. Proper integration with the CERN central user account repository allows the operators to use their personal credentials to access applications, and also allows one to use standard user management tools. In addition, easy-to-memorize URL addresses for access to the applications are provided, and the use of a secure https transport protocol is possible for services that do not support it on their own. PB - JACoW CP - Geneva, Switzerland SP - 705 EP - 708 KW - controls KW - network KW - embedded KW - software KW - interface DA - 2015/12 PY - 2015 SN - 978-3-95450-148-9 DO - 10.18429/JACoW-ICALEPCS2015-WEPGF010 UR - http://jacow.org/icalepcs2015/papers/wepgf010.pdf ER -