8.11.2 Pass-Code Lockout
Pass-code lockouts (historically known in Campbell Scientific dataloggers simply
as "security codes") are the oldest method of securing a datalogger. Pass-code
lockouts can effectively lock out innocent tinkering and discourage wannabe
hackers on non-IP based telecommunication links. However, any serious hacker
with physical access to the datalogger or to the telecommunication hardware can,
with only minimal trouble, overcome the five-digit pass-codes. Systems
adequately secured with pass-code lockouts are probably limited to,
• private, non-IP radio networks
• direct links (hardwire RS-232, short-haul, multidrop, fiber optic)
• non-IP satellite
• land-line, non-IP based telephone, where the telephone number is not
published
• cellular phone wherein IP has been disabled, providing a strictly serial
connection
Up to three levels of lockout can be set. Valid pass codes are 1 through 65535 (0
confers no security).
Note Although a pass code can be set to a negative value, a positive code must be
entered to unlock the CR1000. That positive code will equal 65536 + (negative
security code). For example, a security code of -1111 must be entered as 64425 to
unlock the CR1000.
Methods of enabling pass-code lockout security include the following:
• Status table – Security(1), Security(2) and Security(3) registers are writable
variables in the Status table wherein the pass codes for security levels 1
through 3 are written, respectively.
• CR1000KD Keyboard Display settings
• Device Configuration Utility (DevConfig) – Security passwords 1 through 3
are set on the Deployment tab.
• SetSecurity() instruction – SetSecurity() is only executed at program
compile time. It may be placed between the BeginProg and Scan()
instructions.
Note Deleting SetSecurity() from a CRBasic program is not equivalent to
SetSecurity(0,0,0). Settings persist when a new program is downloaded that has
no SetSecurity() instruction.
Level 1 must be set before Level 2. Level 2 must be set before Level 3. If a level
is set to 0, any level greater than it will be set to 0. For example, if level 2 is 0
then level 3 is automatically set to 0. Levels are unlocked in reverse order: level 3
before level 2, level 2 before level 1. When a level is unlocked, any level greater
than it will also be unlocked, so unlocking level 1 (entering the Level 1 security
code) also unlocks levels 2 and 3.
Functions affected by each level of security are:
• Level 1 — Collecting data, setting the clock, and setting variables in the
Public table are unrestricted, requiring no security code. If Security1 code is
entered, read/write values in the Status table can be changed, and the
datalogger program can be changed or retrieved.
469
To Next Page
Loading...
Need help?
General
