Setting security codes (see following information under "Security Codes").
l
Setting a PakBus/TCP password. The PakBus TCP password controls access to PakBus
l
communication over a TCP/IP link. PakBusTCP passwords can be set in Device
Configuration Utility.
Disabling FTP or setting an FTP username and password in Device Configuration Utility.
l
Setting a PakBus encryption (AES-128) key in Device Configuration Utility. This forces
l
PakBus data to be encrypted during transmission.
Disabling HTTP/HTTPS or creating a .csipasswd file to secure HTTP/HTTPS (see
l
Creating a .csipasswd file
Enabling HTTPS and disabling HTTP. To prevent data collection via the web interface, both
l
HTTP and HTTPS must be disabled.
Tracking Operating System, Run, and Program signatures.
l
Encrypting program files if they contain sensitive information (see CRBasic help
l
FileEncrypt()
option).
Hiding program files for extra protection (see CRBasic help
l
Monitoring your data logger for changes by tracking program and operating system
l
signatures, as well as CPU file contents.
Securing the physical data logger and power supply under lock and key.
l
WARNING:
All security features can be subverted through physical access to the data logger. If absolute
security is a requirement, the physical data logger must be kept in a secure location.
16.2.1 TLS
Transport Layer Security (TLS) is an internet communications security protocol. TLS settings are
necessary for server applications, not for client applications.
Example server application instructions include:
HTTPS server
l
DNP3()
l
Example client application instructions include:
HTTPGet(),
l
EmailRelay()
l
EmailSend()
l
FTPClient()
l
Use the Device Configuration Utility to enable and set up TLS. See Deployment > Datalogger >
TLS tab.
(p. 107) for more information).
instruction or use the CRBasic Editor File menu, Save and Encrypt
HTTPPut()
HTTPPost()
and
EmailRecv()
and
FileManage()
instruction).
16. CR300 series maintenance
105