About station security

Security begins with the way you configure and monitor each station. It involves setting up secure communication, secure email, secure user credentials, and configuring components, categories, hierarchies, and roles to grant users access only to the system objects they need to do their jobs. Ultimately, your system will only be secure if you take full advantage of Niagara 4’s security features, and if you configure your network effectively. Although the defaults are designed to be as secure as possible, your system will remain vulnerable if you rely solely on factory defaults. The aspects of station security that require configuration are settings for secure communication, user authentication, and authorization management.
  • Secure communication provides:
    • Server identity verification, which prevents man-in-the-middle and spoofing attacks. To set up the digital certificates that verify server identity, you use the Certificate Manager view.
    • Data encryption (foxs/https/platformtls), which prevents eavesdropping during the actual transmission of data. You define the key size used to encrypt data transmission when you create each certificate.
    • Secure email communication. To configure email security, you use the EmailService.
  • User authentication protects against malicious access by ensuring that only legitimate users (human or station) can log in using Workbench or a web browser. You use the AuthenticationService to activate the authentication schemes the station needs, and the UserService to assign the authentication scheme and login credentials to individual users (human or another station). You can add multiple schemes, each of which may be used by a different user.
  • Authorization management involves the following:
    • Defines which component slots, files, and histories are accessible
    • Defines which users may modify them
    • Defines what modifications users may make
    Niagara uses role-based access control, where users are assigned roles that are mapped to component permissions.
    You use the CategoryService to set up component categories (groups of components), the RoleService to assign permissions, and the UserService to assign roles to users.
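The category, role and user mapping described above can be modelled in a few lines to check who ends up with which access. This is an added example in plain Python, not Niagara code or its API; all component, category, role and user names are constructed, and the model assumes that grants from several roles combine and that anything not granted is denied.

```python
# Constructed sample data. All names are hypothetical; this is a plain-Python
# model of the category/role/user mapping, not Niagara's API or data format.
COMPONENT_CATEGORIES = {            # component -> categories it belongs to
    "Drivers/Chiller1": {"HVAC"},
    "Drivers/LobbyLights": {"Lighting"},
    "Services/UserService": {"Admin"},
}
ROLE_PERMISSIONS = {                # role -> {category: permitted actions}
    "HvacOperator": {"HVAC": {"read", "write"}},
    "Viewer": {"HVAC": {"read"}, "Lighting": {"read"}},
    "StationAdmin": {"Admin": {"read", "write"}, "HVAC": {"read", "write"}},
}
USER_ROLES = {                      # user -> assigned roles
    "alice": {"HvacOperator"},
    "bob": {"Viewer"},
    "carol": {"Viewer", "StationAdmin"},
}

def effective_permissions(user, component):
    """Actions a user may perform on a component (deny by default)."""
    categories = COMPONENT_CATEGORIES.get(component, set())
    allowed = set()
    for role in USER_ROLES.get(user, set()):
        for category, actions in ROLE_PERMISSIONS.get(role, {}).items():
            if category in categories:
                allowed |= actions   # assumption: grants from roles combine
    return allowed

def users_with(action, component):
    """Every user whose roles grant `action` on `component`."""
    return sorted(u for u in USER_ROLES
                  if action in effective_permissions(u, component))

def excess_grants(user, needed):
    """Grants beyond what the job needs; `needed` maps component -> actions."""
    excess = {}
    for component in COMPONENT_CATEGORIES:
        extra = effective_permissions(user, component) - needed.get(component, set())
        if extra:
            excess[component] = extra
    return excess

if __name__ == "__main__":
    # Who can modify the user database, and what does carol hold beyond
    # read-only access to the chiller?
    print(users_with("write", "Services/UserService"))
    print(excess_grants("carol", {"Drivers/Chiller1": {"read"}}))
```

Running `excess_grants` for each user against the access their job actually requires shows where a role grants more than the least privilege the introduction calls for.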
 NOTE: Platform security is beyond the scope of this document.