Pakbus; Web Services; Http; Https - Campbell CR300 Series Product Manual

One lower case letter
l
One digit
l
One special character
l
The green, blue, and red icons may also show the potential severity of a security vulnerability.
Green: good, no action needed
l
Blue: advisory information
l
Red: action recommended
l

20.2.1.1 PakBus

PakBus encryption is the best data logger option to secure PakBus communications. Setting a
PakBus Encryption (AES-128) Key in Device Configuration Utility forces PakBus data to be
encrypted during transmission. The Security Check will check if the data logger has a PakBus
Encryption Key set and a PakBus/TCP Password.
When neither of these is set, the Security Check will indicate that action is recommended.
The Security Check will not suggest setting a PakBus/TCP password if PakBus Encryption is
already enabled. However, a PakBus/TCP password can be used with PakBus Encryption.

20.2.1.2 Web services

The Security Check will check to see if HTTP or HTTPS is enabled. If these protocols are not being
used but are enabled, we recommend disabling them.

HTTP

HTTP, enabled by default, is an insecure protocol and can allow access to data logger data,
settings, and programming. HTTP should only be enabled if it is required, and the data logger is
on a secure network. If the data logger is not using web API or a hosted web page then HTTP
should be disabled. If HTTP protocol is used, a .csipasswd file and user accounts should also
be used.
See The .csipasswd file (p. 155) and

HTTPS

HTTPS is a secure protocol but does allow access to data logger data, settings, and
programming. HTTPS should only be enabled if it is required. If the data logger is not using web
API or a hosted web page then HTTPS should be disabled. If HTTPS protocol is used, a
Web interface (p. 157) for more information.
20. Installation 145