Topic: DMD0260

Help File Version: 2.9.4.37

System Security Overview


Multiple User Accounts

System security is more than simply allowing or denying the ability to connect to a Do-more CPU based on a user ID and password. System security involves the creation of accounts that will allow or deny access to the different resources in the CPU. By creating multiple accounts, each with different levels of access, you can efficiently control who has access to the CPU and what each of those users can and cannot do with the resources in the CPU.

Click here to see the Help Topic on creating user accounts.

 


Session-based Communication

Many Do-more CPUs will be installed on networks that have varying degrees of isolation. This raises security concerns for programmers and OEMs who need communication with the CPU restricted to authorized personnel only. To this end, the Do-more Designer programming software uses communication sessions any time that the software is online with the CPU.

 

Each communication session is established with a unique ID, and all communication packets must contain that ID. Any packets received without that ID are discarded by the CPU. This prevents unauthorized access of the CPU, and also prevents other computers on the network from accidentally accessing the wrong CPU.

 

Session-based communication also uses a timeout system that will terminate a session after a period of time with no communication between the programming software and the CPU. The session must be re-established before communication can continue.

 

Click here to see the Help Topic on Communication Links.

 


CPU-specific Services

Some Do-more CPUs have operating-system-level support for services like a User File System and the on-board Web Server / REST API. These services can be restricted to users with appropriate login credentials.

 


Protocol-specific Memory

Do-more CPUs allow access to external devices that are using Modbus/TCP, Modbus/RTU, and KSequence protocols. The CPUs only allow these external devices access to protocol-specific blocks of memory; the devices cannot access any of the other memory blocks or directly access the I/O modules in the system.
 

Click here to see the Help Topic on the memory configuration of Do-more CPUs.

 


Code-Block Protection

Do-more Designer has options that allow the programmer to secure the contents of user-created code-blocks. These options include restrictions on viewing the contents of the code-block, restrictions on editing the code-block, and even encrypting the code-block contents.

Click here to see the Help Topic on configuring the protection for code-blocks.

 


Write Protect the Operating System

One of the on-board DIP switches controls whether the firmware in the CPU is allowed to be updated.

 

Click here to see the Help Topic that details the meaning for each of the on-board DIP switches.

 


Online Sessions Locked Out After Failed Login Attempts

A Do-more CPU will refuse requests to open online sessions after 10 failed login attempts in a 2-minute window.

 

Click here to see the Help Topic for details on Failed Login Attempts.
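
The session rules described under Session-based Communication and the lockout rule above, modeled together as an added example (this is not code from Do-more Designer or the CPU firmware). The idle-timeout value, the random session ID, the sliding window and the single CPU-wide failure counter are assumptions; only the 10-attempt and 2-minute figures come from this page.

```python
import secrets
from collections import deque

MAX_FAILURES = 10      # from the page: 10 failed login attempts
FAILURE_WINDOW = 120   # from the page: 2-minute window, in seconds
IDLE_TIMEOUT = 60      # assumed value; the page gives no figure


class SessionGate:
    """Toy model of session handling on a controller (hypothetical class)."""

    def __init__(self, accounts):
        self.accounts = accounts   # user -> password (constructed sample data)
        self.sessions = {}         # session ID -> time of last accepted packet
        self.failures = deque()    # timestamps of recent failed logins

    def locked_out(self, now):
        # Assumption: sliding window; failures older than the window expire.
        while self.failures and now - self.failures[0] >= FAILURE_WINDOW:
            self.failures.popleft()
        return len(self.failures) >= MAX_FAILURES

    def open_session(self, user, password, now):
        """Return a new session ID, or None if the request is refused."""
        if self.locked_out(now):
            return None            # refused even when the credentials are valid
        stored = self.accounts.get(user)
        if stored is None or not secrets.compare_digest(
                stored.encode(), password.encode()):
            self.failures.append(now)
            return None
        sid = secrets.token_hex(8)  # assumption: random, unguessable ID
        self.sessions[sid] = now
        return sid

    def accept_packet(self, sid, now):
        """True if the packet is processed, False if it is discarded."""
        last = self.sessions.get(sid)
        if last is None:
            return False           # missing or unknown session ID: discard
        if now - last > IDLE_TIMEOUT:
            del self.sessions[sid]  # idle too long: session is terminated
            return False
        self.sessions[sid] = now   # activity resets the idle timer
        return True
```

In this model a lockout also refuses a user with correct credentials until enough failures age out of the window, which is worth knowing when troubleshooting a CPU that will not accept an online session.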

 


See Also:

System Security Overview


User Password Configuration


How to Manually Reset the Password Configuration in the CPU


How to Manually Reset the Password Configuration in the Simulator