Security Dashboard View (nss-SecurityDashboardView)

The Security Dashboard is the main view for the Security Service. The view gives administrators and other authorized users a snapshot of the security configuration of your station.

A license feature controls whether you can see the System View in the Security Dashboard. System View provides security details for each subordinate station in the NiagaraNetwork. To enable the System View feature, you need the “securityDashboard” license feature with the “system” attribute set to true. Without this setting, you see only the station dashboard (Station View) for the local station.

The Security Dashboard view is available in the following locations:

  • Services > Security Service
  • Drivers > Niagara Network > {station name} > Security Dashboard Device Ext
  • Drivers > Niagara Network > {directly connected station name} > SysDef > Reachable Stations > {reachable station name} > Security Dashboard Device Ext (as of Niagara 4.14).

 NOTE: The Security Dashboard transmits sensitive information. To minimize security risks, use the Foxs (secure Fox) protocol to manage platform connections. Also, the HTTPS protocol is enforced for secure communication over the network. The Security Dashboard View is not accessible over HTTP. 
Figure 26.   Example Security Dashboard View

 CAUTION: The Security Dashboard View may not display every possible security setting, and should not be considered a guarantee that everything is configured securely. In particular, third-party modules may have security settings that do not register to the dashboard.

For each “card” included in the view, a number of security-related items (for example, security settings on the FoxService shown in the FoxService card) are listed. Each card displays a status color which reflects the lowest status of any of its items.

  • Gray Info icon indicates secondary information. For example, there is an info level that states how many users are in the station. You don’t need to take a particular action. It is just presented for consideration.
  • Green OK icon indicates the item’s security status is good.
  • Yellow Warning icon indicates a warning status on the item which means that the setting should be examined and possibly changed.
  • Red Alert icon indicates an alert status on the item. The setting raises a security concern and should probably be changed.

Each card displays several of the most urgent items. If there are more items than fit on a card, a More button at the bottom of the card will pop up the full list of items for that service. Typically, a card provides a hyperlink to that particular service (or to a component) so that you can easily change the configuration. In cases where there is no component to link to, the pane provides no hyperlink. By default, the links on the individual cards in the Security Dashboard view link directly to the remote station. However, you can configure them using the Station Link Config property on the SecurityService component. For details, see SecurityService (nss-SecurityService).

The Summary card, which is located in the upper left corner, summarizes the number of security status messages for all services on the station. The Summary card features Hide / Show options, which allow you to hide, or show, all messages for one or more security status levels. For example, if you click the Hide option under Warning (as shown below), all of the Warning status messages for each card are hidden from view.

Figure 27.   Example Summary card set to Hide all Warning status messages

Services reporting to the Security Dashboard include the following:

  • Fox Service (for example, TLS status)
  • Web Service (for example, TLS status)
  • Authentication Service (for example, weak password strength)
  • Debug Service (for example, FINE logs enabled)
  • Module Permissions (for example, SEVERE permissions requested)
  • Module Signatures (for example, modules unsigned)
  • Program Objects (for example, unsigned program objects)
  • Platform Settings (for example, TLS status)
  • File System (for example, users with write access)
  • User Service (for example, super user status)
  • Syslog Settings (for example, Transport protocol status)

Other services and components may also be reporting to the Security Dashboard.

Additionally, the Dashboard is “pluggable” so that third parties can add their own security warnings for drivers.

Security Dashboard Refresh

In addition to the action available on the SecurityService, there are several ways that you can trigger a data refresh for this view:

  • Attempting to retrieve the Dashboard data, for example, by viewing the Dashboard when there are no data available yet (possibly because the station has just restarted) triggers a refresh.
  • An Execute action on the NiagaraNetwork > Station > SecurityDashboardDeviceExt > Data Importer refreshes the data for that station.
  • A time trigger on the NiagaraNetwork > Station > SecurityDashboardDeviceExt > Data Importer that allows you to schedule a refresh. The default is to refresh daily.
  • The Refresh System Dashboard Data action on the SecurityService takes a String argument. It will refresh any station that matches that String. For example, the string “Richmond*” will match any station that starts with Richmond, and “*” will match all stations.
  • On the System Dashboard View, the card for each station has a Refresh icon next to the “Generated x time ago” text. Click the icon to trigger a refresh for the station.