Protection of access to devices
Protection of access to devices is one of the most important tasks that need to be solved while ensuring the security of the object of protection.
The firmware version 10.15 of the devices provides opportunities for protection from unauthorized access and malicious modification of instrument parameters. By monitoring connections to the device via USB, the duty operator of the“Security Center” can promptly notice unauthorized access to the object. Using a mandatory password request when connecting to the device via USB, not only ensures the security of the object, but also creates unfavorable conditions for intruders.
Important: To work with the firmware version 10.15, the Hubble Configurator isrequired version 5.11 и higher.
Control of connection to the device via USB
Monitoring the connection to the device via USB is designed to notify the PSC about access to the object of protection and possible change of the device settings.
Each time you connect to the device via USB, an event with the E627 code is generated; when it is disconnected, an event with the E628 code. This happens regardless of whether the Hubble configuratoris running on the computer to which the device is connected, or not.
Receiving events with code E627 or E628, the duty operator of the Security Center is able to assess the situation at the facility. For example, when carrying out technical work at the facility, the operator can track the moment of connecting the engineer to the device and the moment of its disconnection from the device. In case the engineer’s access to the object was not planned, the operator may suspect unauthorized access and take appropriate measures.
Entering the password when connected to the device via USB
Mandatory password authentication when connected to the device via USB is another way to ensure security.
If, when connected to the device via USB, anincorrect password is entered, the device generates an event with the code E750. Thus, the duty operator of the Security Center is informed of possible unauthorized access to the object. In addition, if you enter the wrong password, the response is delayed. This reduces the brute force rate and makesthe break-in much more difficult.
You cannot disable the password request. Ifthe data protection of the device using authentication seems unnecessary toyou, use the standard password to access the object.
By default the password to connect to the device via USB is 0000. To increase security, you should change the standard access password to anew one. Password length can be from 4 to 16 digits. It is recommended to set a password consisting of the maximum allowable number of digits.
You can change the password for connecting to the device via USB in two ways:
- Using the Hubble configurator, connect to the instrument, enter the current password to connect to the instrument via USB, and launch the Hubble configurator. In the configurator, select the “Miscellaneous” tab and click on the “Change password to access the instrument” button in the “Configuration protection” section
- Enter the object's web configurator through the Engineer Panel. Using the web configurator, changing the current password for connecting to the device via USB occurs without entering it. Thus, changing the password remotely, using the web configurator, allows you to set the most complex passwords for connecting to the device via USB, without memorizing them. At the same time, if you need to locally connect to the device and configure using the Hubble configurator, you can temporarily change the complex password to a simple one.
To configure the device using the web configurator, you need a stable connection of the device with the"Cloud". When using Nord RF series devices, as well as in case of poor GPRS communication in the absence of an Ethernet communication channel or in the absence of GPRS and Ethernet communication channels, it may not be possible to connect remotely to the device. In this case, the password for connecting to the device via USB should be remembered.
If the password is lost, and the remote connection to the device is impossible, you can restore access to the deviceonly by resetting the values of all its parameters to the factory settings.This will remove all instrument settings, including cables, users, partitions, etc., and the password for connecting to the instrument via USB will become the default.
The reset function can be enabled and disabled for a specific device. To do this, run the Hubble Configurator and select the Miscellaneous tab. In the "Configuration Protection" section, you must respectively check or uncheck the checkbox "Allow resetting parameter values to factory settings". Configuration reset can be configured not only in the Hubble configurator, but also remotely using the web configurator.
By allowing the reset of parameter values, you can set a pause before resetting. By default, this parameter is set to 30 seconds, but you can choose a value of 5 minutes, 30 minutes, 12 hours, or 24 hours.
If the configuration reset function is enabled, the password entry window will contain the “Reset Configuration” button.
When you click on the “Reset configuration” button, the device generates an event with the code E752 and starts counting the specified pause.
It is recommended to set the maximum values of the Pause before Reset parameter, since such a delay provides additional protection. In case the device’s configuration is reset by an intruder, the PSC has time to respond to unauthorized access to the device.
If the procedure for resetting the parametervalues is to be stopped, before the pause is over, you should click on the "Cancel" button. When you cancel the reset configuration, the device generates an event with the code R752.