5-16 F35 MULTIPLE FEEDER PROTECTION SYSTEM – INSTRUCTION MANUAL
PRODUCT SETUP CHAPTER 5: SETTINGS
5
Figure 5-2: Login screen for CyberSentry
When the "Server" Authentication Type is selected, the F35 uses the RADIUS server and not its local authentication
database to authenticate the user.
When the "Device" button is selected, the F35 uses its local authentication database and not the RADIUS server to
authenticate the user. In this case, it uses built-in roles (Administrator, Engineer, Supervisor, Operator, Observer, or
Administrator and Supervisor when Device Authentication is disabled), as login accounts and the associated passwords
are stored on the F35 device. In this case, access is not user-attributable. In cases where user-attributable access is
required, especially for auditable processes for compliance reasons, use server authentication (RADIUS) only.
No password or security information is displayed in plain text by the EnerVista software or the UR device, nor are they ever
transmitted without cryptographic protection.
When CyberSentry is enabled, Modbus communications over Ethernet is encrypted, which is not always tolerated by
SCADA systems. The UR has a bypass access feature for such situations, which allows unencrypted Modbus over Ethernet.
The Bypass Access setting is available on the
SETTINGS PRODUCT SETUP SECURITY SUPERVISORY screen. Note that
other protocols (DNP, 101, 103, 104, EGD) are not encrypted, and they are good communications options for SCADA
systems when CyberSentry is enabled.
CyberSentry settings through EnerVista
CyberSentry security settings are configured under Device > Settings > Product Setup > Security.
Only (TCP/UDP) ports and services that are needed for device configuration and for customer enabled features are
open. All the other ports are closed. For example, Modbus is on by default, so its TCP port 502, is open. But if
Modbus is disabled, port 502 is closed. This function has been tested and no unused ports have been found open.
To Next Page
Loading...
