Section 8. Operation
Note All security features can be subverted through physical access to the
CR800. If absolute security is a requirement, the physical CR800 must be kept in
a secure location.
8.7.1 Vulnerabilities
While "security through obscurity" may have provided sufficient protection in the
past, Campbell Scientific dataloggers increasingly are deployed in sensitive
applications. Devising measures to counter malicious attacks, or innocent
tinkering, requires an understanding of where systems can be compromised and
how to counter the potential threat.
Note Older CR800 operating systems are more vulnerable to attack than
recent updates. Updates can be obtained free of charge at
www.campbellsci.com.
The following bullet points outline vulnerabilities:
• CR1000KD Keyboard/Display
o Pressing and holding the Del key while powering up a CR800 will
cause it to abort loading a program and provides a 120 second
window to begin changing or disabling security codes in the settings
editor (not Status table) with the keyboard display.
o Keyboard display security bypass does not allow comms access
without first correcting the security code.
o Note These features are not operable in CR1000KDs with serial
numbers less than 1263. Contact Campbell Scientific for information
on upgrading the CR1000KD operating system.
• LoggerNet
o All datalogger functions and data are easily accessed via RS-232
and Ethernet using Campbell Scientific datalogger support software.
o Cora command find-logger-security-code
• Telnet
o Watch IP traffic in detail. IP traffic can reveal potentially sensitive
information such as FTP login usernames and passwords, and server
connection details including IP addresses and port numbers.
o Watch serial traffic with other dataloggers and devices. A Modbus
capable power meter is an example.
o View data in the Public and Status tables.
To Next Page
Loading...
