Security Dashboard View (nss-SecurityDashboardView)

The Security Dashboard is the main view for the Security Service. The view gives administrators and other authorized users a snapshot of the security configuration of your station.

A license feature controls whether you can see the System View in the Security Dashboard. System View provides security details for each subordinate station in the NiagaraNetwork. To enable the System View feature, you need the “securityDashboard” license feature with the “system” attribute set to “true”. Without this setting, you see only the station dashboard (Station View) for the local station.

 NOTE: The Security Dashboard transmits sensitive information. To minimize security risks, use the Foxs (secure Fox) protocol to manage platform connections. Also, the HTTPS protocol is enforced for secure communication over the network. The Security Dashboard View is not accessible over HTTP. 
 CAUTION: The Security Dashboard View presents sensitive data. Users should be made aware of this and take necessary precautions to safeguard the information. For example, a user should not walk away from the PC while the view is open for others to see. We recommend that any user who has access to the dashboard should be configured for auto-logoff. 
Figure 24.   Example Security Dashboard View

 CAUTION: The Security Dashboard View may not display every possible security setting, and should not be considered as a guarantee that everything is configured securely. In particular, third-party modules may have security settings that do not register to the dashboard. 

For each “card” included in the view, a number of security-related items (for example, security settings on the FoxService shown in the FoxService card) are listed. Each card displays a status color which reflects the lowest status of any of its items. That is, if any item is red (alert), the card’s status color is red. Similarly, each item listed in a card has a status displayed as a color flag (highest-to-lowest: “Info”, “OK”, “Warning”, or “Alert”), shown as a gray, green, yellow, or red icon.

  • Gray Info icon indicates secondary information. For example, there is an info level that states how many users are in the station. You don’t need to take a particular action. It is just presented for consideration.
  • Green OK icon indicates the item’s security status is good.
  • Yellow Warning icon indicates a warning status on the item which means that the setting should be examined and possibly changed.
  • Red Alert icon indicates an alert status on the item. The setting raises a security concern and should probably be changed.

Each card displays several of the most urgent items. If there are more items than fit on a card, a More button at the bottom of the card will pop up the full list of items for that service. Typically, a card provides a hyperlink to that particular service (or to a component) so that you can easily change the configuration. In cases where there is no component to link to, no hyperlink is provided on the card. By default, the links on the individual cards in the Security Dashboard view link directly to the remote station. However, you can configure them using the Station Link Config property on the SecurityService component. For details, see SecurityService (nss-SecurityService).

The Summary card, which is located in the upper left corner, summarizes the number of security status messages for all services on the station. The Summary card features Hide / Show options, which allow you to hide, or show, all messages for one or more security status levels. For example, if you click the Hide option under Warning (as shown below) all of the Warning status messages for each card are hidden from view.

Figure 25.   Example Summary card set to Hide all Warning status messages
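
The card roll-up, Summary counts and Hide behavior described above can be modeled in a few lines. This is an added example, not code from the product: the item texts are constructed sample data, and the `visible` limit and the choice that hiding a level affects only the listing (not the card color) are assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Ordering as given on the page, highest to lowest.
LEVELS = ["Info", "OK", "Warning", "Alert"]
RANK = {name: len(LEVELS) - 1 - i for i, name in enumerate(LEVELS)}  # Alert = 0
COLOR = {"Info": "gray", "OK": "green", "Warning": "yellow", "Alert": "red"}

@dataclass(frozen=True)
class Item:
    status: str
    text: str

def card_status(items):
    """A card takes the lowest status of any of its items (None if empty)."""
    return min((i.status for i in items), key=RANK.__getitem__, default=None)

def summary(cards):
    """Summary card: number of status messages per level across all cards."""
    counts = Counter(i.status for items in cards.values() for i in items)
    return {level: counts.get(level, 0) for level in LEVELS}

def render_card(items, hidden=frozenset(), visible=3):
    """List the most urgent items first, skipping hidden levels.
    Returns (shown, more); more=True models the More button.
    `visible` is an assumed card capacity, not a documented value."""
    kept = sorted((i for i in items if i.status not in hidden),
                  key=lambda i: RANK[i.status])  # stable: ties keep input order
    return kept[:visible], len(kept) > visible

# Constructed sample data (not real dashboard output).
CARDS = {
    "Fox Service": [Item("Info", "2 active sessions"), Item("OK", "TLS enabled")],
    "Authentication Service": [Item("OK", "lockout enabled"),
                               Item("Warning", "weak password strength")],
    "Module Signatures": [
        Item("OK", "core modules signed"),
        Item("Warning", "module signed with self-signed certificate"),
        Item("Alert", "modules unsigned"),
        Item("Warning", "signature nearing expiry"),
        Item("Info", "120 modules installed"),
    ],
}

if __name__ == "__main__":
    for name, items in CARDS.items():
        print(name, COLOR[card_status(items)])
    print(summary(CARDS))
```
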

Services reporting to the Security Dashboard include the following:

  • Fox Service (e.g. TLS status)
  • Web Service (e.g. TLS status)
  • Authentication Service (e.g. weak password strength)
  • Debug Service (e.g. FINE logs enabled)
  • Module Permissions (e.g. SEVERE permissions requested)
  • Module Signatures (e.g. modules unsigned)
  • Program Objects (e.g. unsigned program objects)
  • Platform Settings (e.g. TLS status)
  • File System (e.g. users with write access)
  • User Service (e.g. super user status)

Other services and components may also be reporting to the Security Dashboard.

Additionally, the Dashboard is “pluggable” so that third parties can add their own security warnings for drivers.

Security Dashboard Refresh

In addition to the action available on the SecurityService, there are several ways that you can trigger a data refresh for this view:

  • Attempting to retrieve the Dashboard data, for example, by viewing the Dashboard when there are no data available yet (possibly because the station has just restarted) triggers a refresh.
  • An “Execute” action on the NiagaraNetwork > Station > SecurityDashboardDeviceExt > Data Importer refreshes the data for that station.
  • A time trigger on the NiagaraNetwork > Station > SecurityDashboardDeviceExt > Data Importer that allows you to schedule a refresh. The default is to refresh daily.
  • The Refresh System Dashboard Data action on the SecurityService takes a String argument. It will refresh any station that matches that String. For example, the string “Richmond*” will match any station that starts with Richmond, and “*” will match all stations.
  • On the System Dashboard View, the card for each station has a Refresh icon next to the “Generated x time ago” text. Click the icon to trigger a refresh for the station.