GE B30 Instruction Manual page 149

Ur series bus differential system protection relay
Hide thumbs Also See for B30:
Table of Contents

Advertisement

5 SETTINGS
Table 5–2: ACCESS RIGHTS SUMMARY
FIELD
DESCRIPTION
Event Recorder
Allows the user to use the digital fault recorder
FlexLogic
Allows the user to read FlexLogic values
Update Info
Allows the user to write to any function to which they have read privileges. When any of the Settings, Event
Recorder, and FlexLogic check boxes are enabled by themselves, the user is granted read access. When
any of them are enabled in conjunction with the Update Info box, they are granted read and write access.
The user is not granted write access to functions that are not checked, even if the Update Info field is
checked.
Admin
The user is an EnerVista UR Setup administrator, therefore receiving all of the administrative rights.
Exercise caution when granting administrator rights.
4.
Click OK to save the changes.
d) CYBERSENTRY SECURITY
The EnerVista software provides the means to configure and authenticate UR using either server or device or authentica-
tion. Access to various functionality depends on user role.
The login screen of EnerVista has two options for access to the UR, server and device authentication.
When the "Server" Authentication Type option is selected, the UR uses the RADIUS server and not its local authentication
database to authenticate the user.
When the "Device" button is selected, the UR uses its local authentication database and not the RADIUS server to authen-
ticate the user. In this case, it uses built-in roles (Administrator, Engineer, Supervisor, Operator, Observer, or Administrator
and Supervisor when Device Authentication is disabled) as login accounts and the associated passwords are stored on the
UR device. In this case, access is not user-attributable. In cases where user-attributable access is required, especially for
auditable processes for compliance reasons, use server authentication (RADIUS) only.
No password or security information is displayed in plain text by the EnerVista software or UR device, nor are they ever
transmitted without cryptographic protection.
Only (TCP/UDP) ports and services that are needed for device configuration and for customer enabled features are
open. All the other ports are closed. For example, Modbus is on by default, so its TCP port number, 502, is open.
But if Modbus is disabled, port 502 is closed. This function has been tested and no unused ports have been found
NOTE
open.
When CyberSentry is enabled, Modbus communications over Ethernet is encrypted, which is not always tolerated by
SCADA systems. The UR has a bypass access feature for such situations, which allows unencrypted Modbus over Ether-
net. The
setting is available on the
BYPASS ACCESS
Note that other protocols (DNP, 101, 103, 104, EGD) are not encrypted, and they are good communications options for
SCADA systems when CyberSentry is enabled.
CYBERSENTRY SETTINGS THROUGH ENERVISTA
CyberSentry security settings are configured under Device > Settings > Product Setup > Security.
GE Multilin
Figure 5–2: LOGIN SCREEN FOR CYBERSENTRY
SETTINGS
B30 Bus Differential System
PRODUCT SETUP
SECURITY
5.2 PRODUCT SETUP
screen.

SUPERVISORY
5-15
5

Advertisement

Table of Contents
loading

Table of Contents