GE Multilin C60 Breaker Protection System 5-15
5 SETTINGS 5.2 PRODUCT SETUP
5
4. Click OK to save the changes.
d) CYBERSENTRY SECURITY
The EnerVista software provides the means to configure and authenticate UR using either server or device or authentica-
tion. Access to various functionality depends on user role.
The login screen of EnerVista has two options for access to the UR, server and device authentication.
Figure 5–2: LOGIN SCREEN FOR CYBERSENTRY
When the "Server" Authentication Type option is selected, the UR uses the RADIUS server and not its local authentication
database to authenticate the user.
When the "Device" button is selected, the UR uses its local authentication database and not the RADIUS server to authen-
ticate the user. In this case, it uses built-in roles (Administrator, Engineer, Supervisor, Operator, Observer, or Administrator
and Supervisor when Device Authentication is disabled) as login accounts and the associated passwords are stored on the
UR device. In this case, access is not user-attributable. In cases where user-attributable access is required, especially for
auditable processes for compliance reasons, use server authentication (RADIUS) only.
No password or security information is displayed in plain text by the EnerVista software or UR device, nor are they ever
transmitted without cryptographic protection.
Only (TCP/UDP) ports and services that are needed for device configuration and for customer enabled features are
open. All the other ports are closed. For example, Modbus is on by default, so its TCP port number, 502, is open.
But if Modbus is disabled, port 502 is closed. This function has been tested and no unused ports have been found
open.
When CyberSentry is enabled, Modbus communications over Ethernet is encrypted, which is not always tolerated by
SCADA systems. The UR has a bypass access feature for such situations, which allows unencrypted Modbus over Ether-
net. The
BYPASS ACCESS setting is available on the SETTINGS  PRODUCT SETUP  SECURITY  SUPERVISORY screen.
Note that other protocols (DNP, 101, 103, 104, EGD) are not encrypted, and they are good communications options for
SCADA systems when CyberSentry is enabled.
CYBERSENTRY SETTINGS THROUGH ENERVISTA
CyberSentry security settings are configured under Device > Settings > Product Setup > Security.
Event Recorder Allows the user to use the digital fault recorder
FlexLogic Allows the user to read FlexLogic values
Update Info Allows the user to write to any function to which they have read privileges. When any of the Settings, Event
Recorder, and FlexLogic check boxes are enabled by themselves, the user is granted read access. When
any of them are enabled in conjunction with the Update Info box, they are granted read and write access.
The user is not granted write access to functions that are not checked, even if the Update Info field is
checked.
Admin The user is an EnerVista UR Setup administrator, therefore receiving all of the administrative rights.
Exercise caution when granting administrator rights.
Table 5–2: ACCESS RIGHTS SUMMARY
FIELD DESCRIPTION
To Next Page
Loading...
Need help?
General
