Communications Protocol Lockout Overview - Siemens 9410RC User Manual

9410 series

Communications protocol lockout overview

40
2. Set basic security options
• Change the display (front panel) password.
• Disable broadcasting time synchronization (advanced security only).
• Enable/disable display (front panel) and Webserver programming.
• Enable/disable Modbus programming (advanced security only).
3. Configure communications protocol lockout options
a. Configure protocol-specific settings:
• Set the number of attempts before the protocol is locked out.
• Set the session timeout.
b. Configure global lockout settings:
• Enter a lockout duration.
• Set the priority of meter access events.
4. Configure users (advanced security only)
• Determine user access.
• Set user passwords.
The communications protocol lockout security feature allows you to set the number of
invalid login attempts that each user can make using a particular protocol and
communications method before being locked out (a user is defined as a user login and
password combination).
For protocols that are not session-based (ION), you can configure how often the
device registers invalid login attempts by configuring the session timeout. You can also
configure the lockout duration for all configurable protocols.
NOTE: If protocol lockout is set to 0 (zero) there is no limit to the number of invalid
login attempts and the protocol will never be locked out. However, the invalid login
attempt events are recorded if the meter access events are configured to record invalid
access attempts.
Session timeout specifies the active duration for a protocol; during this time, repeated
invalid login attempts using the same USER/password combination are not registered
(repeated invalid attempts with different combinations are still registered). Session
timeout only applies to protocols which are not session-based and send credentials
with each packet, and should be configured to help prevent accidental lockouts and
filling the meter's event log with protocol access events.
Once a user is locked out, the device will not accept login attempts from that user on
that protocol and communications method until the lockout duration has passed.
Invalid login attempts accumulate until the user has completed a valid login or been
locked out. For example, once USER01 has been locked out using ION over Ethernet,
USER01 cannot access the device using ION over Ethernet until the lockout duration
has passed, even if USER01 enters the correct password. However, if the user enters
the correct USER/password combination before being locked out, the invalid attempt
counter is reset to zero. Even if the user is locked out using ION over Ethernet, that
user can still access the device by entering the correct USER/password combination
over a different protocol and communications method (for example, connecting to the
device's RS-485 serial port using Modbus protocol).
Security
7EN05-0336-01