Security references
The TwinCAT ADS WCF service provides access through different endpoints. Some of them are implemented without security features to provide better performance and should only be used in secured intranet environments. These endpoints are marked with the Unsec prefix.
If you want the TwinCAT ADS WCF service to be reachable via the Internet, you should ensure that these endpoints are not reachable.
Secured endpoints
If you want to use the secured endpoints of the TwinCAT ADS WCF service you have to use a SSL encoded port for communication and the authentication is based on Windows credentials.
You can use your own certificates for SSL encoding or you can use a self signed certificate generated by the TcAdsWcfCertGen.exe tool.
Configure a port with an SSL certificate
Microsoft provides port configuration tools for the different versions of Microsoft Windows. A manual for configuring a port with an SSL certificate can be found here.