How to Use Data Logger Security Codes
经过Janet Albers|更新时间:06/28/2017 |评论:2
安全码是最古老的获得方法data logger. They can effectively prevent innocent tinkering and discourage wannabe hackers—actions that could potentially wreak havoc on the integrity of your data. In this article, I’ll discuss the different security codes and how to use them to secure your data and settings.
Up to three levels of data logger security can be set. For a CR1000 or newer data logger, valid security codes are 1 through 65535. (0 is no security.) We recommend that you use a unique code for each of the three levels.
使用银行作为类比,3级是银行的前门;如果它被锁定,没有钥匙没有人进入。2级是您可以访问某些信息但并非所有信息的接收区域。1级是拱顶;使用正确的拱顶组合,您可以访问所有内容。
在可以设置级别2(接收区域)之前必须设置1级(Vault),并且必须在设置级别3(前门)之前设置级别2。如果一个电平设置为0,则任何大于它的级别也将被设置为0.例如,如果级别2为0,则等级3也是0。
安全级别以相反的顺序解锁:第3级之前第2级之前级别1.当级别解锁时,任何大于它的级别也会解锁。例如,解锁级别1(输入级别1安全代码或Vault的组合)也解锁了级别2和3,可以访问所有数据记录器设置和功能。
To set the security codes for your data loggers, we recommend that you use the设备配置实用程序. Communication settings, such as the PakBus address, are accessed through the Settings Editor. Setting a level 1 Security Code will restrict others from making changes to these network settings. Setting a level 2 Security Code means that only those with the security code for level 2 can make changes to a data logger clock. The following table highlights how setting the different levels affects your ability to make changes or access information:
| Function | When level 1 is set | 级别2设置时 | When level 3 is set |
CR1000 Program |
无法更改或检索程序。 |
所有通信都被禁止。 |
|
Settings Editor and Status Table |
可写变量无法更改。 |
||
Setting Clock |
不受治的 |
Cannot change or set the clock. |
|
Public Table |
不受治的 |
Writeable variables cannot be changed. |
|
收集数据 |
不受治的 |
不受治的 |
|
In this image, all three levels are set:
After a data logger has security enabled, you can give trusted individuals varying levels of access. The network administrator (or the person responsible for updating data logger programs and communications) should have the highest level of access, or Security Code 1. In contrast, someone who only needs to collect data can have Security Code 3.
要在数据记录器支持软件中存储安全代码,请按照下列步骤操作:
- 转到设置屏幕。
- 在EZSetup向导中,转到数据记录器设置and click the下一个按钮。
- 输入您的安全代码,然后单击Finish按钮。
在下面的图像中,输入级别3的安全代码;数据收集不受限制,但对时钟和其他设置的更改被阻止了:
数据记录器安全码是保持控制谁可以更改的重要数据记录器设置的一种方法。它是一个很好的硬件管理惯例,只能让人们只能访问他们需要的东西,而不是更多。If you have any questions or comments about setting your levels of security, post them below.
关于the Author
珍妮特阿尔伯尔斯持有技术通信经理的标题;她的办公室门以上的标志说,“教练”。她将分享提示,简化概念,并指导您成功的项目。她一直在Campbell S万博matex网页登录cientific,Inc。比CR1000更长,但不仅仅是CR10X。下班后,珍妮特和她的男孩和狗一起享受户外活动。
Comments
Rene.Astudillo|06/14/2021在06:35 AM
你好珍妮特,
I am looking for some guide for configuring a CR6 datalogger ussing TLS 2.1 for communicating with a DNP3 server.
在我们的情况下,DNP3在防火墙下,通信是在VPN上。
CR6具有使用TLS工作的选项,以及
具体而言,PEM文件。
At this point, some question cam to my mind, for example:
In this case, the CA certificate, who generates it and who does the negotiation, the DNP3 Server?.
By the other hands, if the DNP3 Server is not in charge for negotiating the CA certificate, who is?, the VPN server ?
我们尝试使用CR1000连接此DNP3服务器,无法实现CR1000在CRBASIC中不支持DNP3功能上的TLS。
你有一些我可以使用的指南吗?
Thanks so much for any help you can give me.
Best regards,
René
rene.astudillo@neyenmapu.cl.
rene.astudillo.bgl@gmail.com.
+56 9 7958 8215
纳撒纳尔|06/14/2021 at 12:03 PM
CA会生成并签署您使用用途通信的服务器的证书。该证书及其关联的密钥附加到您的服务器。服务器(DNP3 Server)是您实际使用安全连接的服务器。Datalogger和DNP Server Exchange键,运行一些数学,彼此连接。CR1000在合理的时间(在服务器停止侦听时,在超时之前计算TLS证书的数学以计算TLS证书的数学太慢了。因此,只有CR6,CR1000X等较新的记录器支持,我也认为CR300系列。这是否回答了你的问题?
请登录或注册to comment.