Security Management
Using security groups and passwords in the HMI panel makes it possible to create a security system for the project. Operators can easily be assigned different authorizations in the project to restrict access to objects and functions. Security group information and passwords are stored in the project database.
It is not necessary to use this function if unrestricted access is acceptable. The security function is a predefined component of the Project Explorer.
General Security Settings
General settings for the security function are available by clicking on Security in the Project Explorer, selecting the Users tab and clicking the Settings button.
Parameter | Description |
---|---|
Select action on access denied | When a user's access rights are not sufficient to, for example, modify an object or carry out an action, it is possible to display an access denied message or open a login dialog. Selecting None performs no action. |
Select visibility | When a user with insufficient access rights tries to affect an object, it is possible to specify visibility for those objects. Disabled: Only users with sufficient access rights can affect the object. The object is visible, but disabled, for users with insufficient access rights. Hidden: Only users with sufficient access rights can see the object. The object is invisible for users with insufficient access rights. Normal: Only users with sufficient access rights can affect the object. The object looks normal for users with insufficient access rights. |
Automatic logout | Checking the box makes it possible to log out users automatically after a certain number of minutes of inactivity. After an automatic logout is executed, a screen jump to the start screen will be performed, if access to the active screen is not granted. |
Note
The automatic logout will not be carried out if a communication error (COM error) is active in the panel. After removing the communication error from the panel, the automatic logout will be performed within the specified time, calculated from when the communication was reestablished.
Password Rules Properties
Allows setting a minimum number of characters for passwords.
Security Groups
Security groups are defined on the Groups tab of the security configuration page. When objects and screens have been set up with restricted access, the current user must belong to a specific security group in order to control or see the object or screen.
Creating Security Groups
A new security group in a project is defined by clicking on Security in the Project Explorer, selecting the Groups tab and clicking Add.
Parameter | Description |
---|---|
Name | Any alphanumeric string, beginning with a letter (a-z, A-Z) |
Users | Selection of users defined on the Users tab to be included in the group |
Users Invisible in Runtime | When the box is checked, the users in the current group will not be available for selection from the Login dialog in runtime. It will still be possible to type in the user name and password to login. HMI panel targets only: In order to enable the possibility to manually enter a user name and password, it is necessary to click the “Login” header on the Login dialog in runtime. Doing so and then clicking on the User field will present the user with a keyboard on which a user name can be entered. |
Users
Users and passwords for login are defined on the Users tab of the security configuration page.
Parameter | Description |
---|---|
Name | Any alphanumeric string, beginning with a letter (a-z, A-Z) |
Password | Any alphanumeric string; minimum length according to Password Rules properties. The password is converted to asterisks as you leave the password input cell. |
Description | An optional description of the user |
Groups | Selection of security groups for the user |
It is also possible to add users and change passwords directly in a running project, using the Show Users Dialog action.
Logging In and Logging Out
The login dialog can be displayed in runtime by, for example, clicking a button for which the Login action has been specified. It is possible to change the password from the login dialog.
The login dialog lists all users that have been configured for the current project, except for users in groups for which Users Invisible in Runtime was selected.
It is also possible to configure a general behavior that brings up the login dialog any time a user tries to affect an object that is not within the current user’s access rights. This behavior is configured from the Properties window for the Security function, by selecting ShowLoginDialog for action on access denied.
The Logout action is used to perform a logout.
Users may also be logged out automatically after a certain number of minutes of inactivity by configuring Automatic logout in the Properties window for the Security function.
Note
After logging out, the function Show Previous Screen for function keys and touch keys will be ignored. This is a security feature to prevent unauthorized persons from accessing screens protected by passwords.
Object Security and Visibility
Object access can be restricted to a certain security group. Each security group contains a set of users and each user has an individual password. To be able to control an object with a security setting, the user must belong to the defined security group and has to log in.
Object security is controlled by selecting the object, and then opening the Tag/Security group of the Home or General ribbon tabs.
When no security is set for an object, the object will be available to everyone, i.e. login will not be requested.
Note
Security has higher priority than dynamics.
It is not possible to set security on function keys.
The visibility and behavior settings specified in the security manager will be used when a security group is set but no explicit visibility is specified. The following options can be set:
Visibility | Description |
---|---|
Default | The object looks normal and is visible for anyone. |
Disabled | Only users in the selected security groups can affect the object. The object is visible but disabled and greyed out, for users with insufficient access rights. |
Hidden | Only users in the selected security groups can see the object. The object is invisible for users with insufficient access rights. |
Normal | Only users in the selected security groups can affect the object. The object looks normal for users with insufficient access rights. |
Cyber Security Best Practice
It is recommended to configure network firewalls to restrict access to the panel. For more information, contact your IT administrator. Some procedures, for example updating the image, require access to the panel; this is specified in the corresponding instructions in the reference manual.
Caution
Any security measures described in this manual, for example, for user access, password security, network security, firewalls, virus protection, etc., represent possible steps that a user of iX Developer, iX Developer and Runtime may want to consider based on a risk assessment for a particular application and installation. This risk assessment, as well as a proper implementation, configuration, installation, operation, administration, and maintenance of all relevant security related equipment, software and procedures are the responsibility of the user of the iX Developer.
Caution
It is the responsibility of the user of the iX Developer to deploy the product appropriately, including procedures/policies regarding organizational measures with required precautions and measures to ensure iX Developer functionality.
Web Server Security
The web server is disabled by default. It can be enabled on request using the Enable Web server option available in iX Developer. For more information on accessing the Enable Web server option in iX Developer and general handling of the web server in the controller, refer to iX Developer Web server configuration.
By default, the web server provides a login form that clients use to authenticate. Refer to section Login Form for more information. Replace the default password with a password that conforms with your organization's security policy at the first possible opportunity. See your organization's security policy for setting a password, and refer to customer password security configuration.
Caution
If the default password is not replaced, the system will be susceptible to unauthorized access.
The password can be any alphanumeric string. The password's minimum length is four characters and the maximum length is 20 characters.
FTP Server Security
The FTP server is disabled by default. When enabled, it is possible to upload/download files to or from the HMI panel, provided that there is an FTP client program on the development PC, e.g. Internet Explorer, Windows Commander or some other standard FTP program.
It is possible to set up access to the FTP server with login requirements and/or as anonymous. An anonymous user has read-only access rights. A user that logs in with the correct user name and password gets read/write access rights. Refer to Section Servers Group (System Ribbon Tab) for more information.
Remote Server Security
The Remote Access function is disabled by default. The Remote Access function makes it possible to access, reflect and control an HMI panel from a PC by using the free VNC client program Remote Access Viewer together with the built-in VNC server in the HMI panel.
It is possible to set up Remote Access with a view only password and/or a full access password. The view only password allows reflecting the panel remotely; the full access password also allows control of maneuverable objects in the panel.
Only one VNC client can connect to the VNC server. Only available when an HMI panel is selected as target.
Caution
To protect secrecy when entering a password via Remote Access Viewer, it is recommended to use the PC keyboard. Otherwise it is possible that the cursor on the remote HMI panel displays which keys are pressed on the alphanumeric keyboard. Refer to Section Servers Group (System Ribbon Tab) for more information.
OPC UA Security
The OPC UA Server is disabled by default. When enabled by the Enable OPC UA Server option available in an iX Panel, it is possible to publish tags with an OPC UA Server.
A certificate will be auto generated and self-signed when the server first starts up. The certificate will be valid for 20 years. The certificate contains no IP address since this could change after the certificate has been generated.
Note
When a Project is re-downloaded to a panel containing an OPC UA certificate, the user can choose to keep the pki folder (containing the OPC UA certificate). Otherwise, the certificate is deleted and a new one is created.
Limitations | |
---|---|
Discovery | Not supported |
Encoding/Transport | Only UATCP Binary |
User authentication | Only user name/password. Only one account. |
Security | No encryption support. |
Refer to Section Servers Group (System Ribbon Tab) for more information.
Project Transfer Security
Selecting Back Up Project compresses the project and saves it as a ZIP file. The user will be prompted for a path where to save the ZIP file and will also be offered the possibility to password protect the ZIP file.
Upload: Starts the transfer of the ZIP file from the selected target. The user will be prompted for a path where to decompress the ZIP file. If the ZIP file is password protected, the user must enter the password to be able to upload and decompress the ZIP file. Upload is not supported for all panels. If greyed out, please update to latest “System program”.
Verify: The verify function enables the user to check if a target platform configuration is identical to the project configuration. Verify is not supported for all panels. If greyed out, please update to latest “System program”.
Email (Alarm distributor)
User name and password protected if Authenticated Login is selected. Refer to Section Configure Distribution Devices in Reference manual for more information.
Ethernet Printer Devices
User name and password protected if Authenticated Login is selected. Refer to Section Output Devices Group in Reference manual for more information.
Password Settings
Password protection for Remote Access, Web server, OPC UA Server and FTP server is set in design time when creating projects. Any changes to passwords have to be made to the project in design time, and the project has to be re-downloaded.
Password protection for Define Security User and Alarm Distributor Security is set in runtime, but can be set in design time as well. Default setting is set to “No password” when enabling a function.
Caution
It is highly recommended to set a password when enabling a new function, especially when it is exposed to the Internet.
Define Security Users
Using security groups and passwords in the HMI panel makes it possible to create a security system for the project. Operators can easily be assigned different authorizations in the project to restrict access to objects and functions.
Security group information and passwords are stored in the project. Security level is set per user group. The security groups are set in design time, and only the members of a security group can be modified in runtime. Refer to Section Security Management for more information.
When a user with insufficient access rights tries to affect an object, it is possible to specify visibility for those objects:
Disabled: Only users with sufficient access rights can affect the object. The object is visible, but disabled, for users with insufficient access rights.
Hidden: Only users with sufficient access rights can see the object. The object is invisible for users with insufficient access rights.
Normal: Only users with sufficient access rights can affect the object. The object looks normal for users with insufficient access rights.
It is recommended to use visibility Hidden for sensitive functions that should be visible only to, for example, service engineers. Refer to Section Security Management for more information.
Note
Security users created in design time cannot be removed in runtime.
Audit Trail
The Audit Trail function makes it possible to track operator actions. When enabling the Audit Trail function for a project, select which actions to log. No actions are set in the default setting. Refer to Section Audit Trail for more information.
The actions that can be logged are specified in the table below:
Show Unit Conversion Dialog | Acknowledge All Alarms | Acknowledge Visible Alarms | Acknowledge Selected Alarm |
Alarm Info | Clear All Alarms | Clear Visible Alarms | Filter Alarms |
Pause Viewer | Enable/Disable Alarms | Zoom In | Zoom Out |
Pan Down | Pan Up | Pan Right | Pan Left |
Trend Viewer History | Show Backlight Settings | Set Date And Time | Set Time Zone, Region And Daylight Saving |
Copy Debug Log to USB Memory | Disable Debug Logger | Enable Debug Logger | Show IP Settings |
Print Screen | Close Application | Run | Show Next Screen |
Show Previous Screen | Show Start Screen | Backup Database | Restore Database |
Database Cleanup | Database Export | Decrement Analog | Increment Analog |
Reset Tag | Set Analog | Set String | Set Tag |
ToggleTag | Open Address Book | Storage Device Detection | Open Routes Configurations |
Clear Data Logger | Log Once | Start Logging | Stop Logging |
Email Configuration | Set Language | Change Active Controllers | Clear Non-volatile Values |
Show User Dialog | Delete Recipe | Load Recipe | End Offline Recipe Editing |
Export Recipe | Import Recipe | Save Recipe | Start Offline Recipe Editing |
Generate Report | Show Screen | Close Screen | Run Script |
Login | Export User Accounts | Import User Accounts | Logout |
Antivirus program
It is recommended to have an antivirus program installed on your PC.
Note
iX Developer has been tested with the following antivirus software:
McAfee Virusscan Enterprise
Symantec Endpoint Protection
Physical Protection
Physical security considerations elaborate measures that shall be in place to prevent unauthorized access via physical channels into the system. Measures can be security guards, locks, limitations in access to the equipment and similar.
iX Developer runtime is supported both on virtual and on physical machines. There is the possibility that removable assets/communication lines can be used in both these systems.
Caution
The user shall implement necessary physical precautions to prevent unauthorized access to the system and to removable assets/communication lines.
Open Ports
Communication drivers use either dynamic ports or static ports, and both are opened for communication. It is not always a fixed port that opens; this differs from driver to driver. Refer to the specific driver help file.
Type | Description (Port) | Open by default |
---|---|---|
TCP | FTP (21) | No[a] |
TCP | SSH (22) | No |
TCP | HTTP (80) | No[a] |
TCP | DCOM (135) | Yes |
TCP | OPC UA (Default 4840) | No[a] |
TCP | Remote access viewer (Default 5800) | No[a] |
TCP | Alarm distributor, send Email. (Depends on the server) | No[a] |
UDP | Project Transfer (9999) | Yes |
UDP | Netbios (137) | Yes |
UDP | Netbios (138) | Yes |
TCP | Transfer download (9999) | No[b] |
TCP | Alarm server (Default 1000) | No[a] |
TCP/UDP | HASP (1947) | Yes[b] |
TCP | MCER (6510) | Yes[c] |
UDP | IPv6 Support (3544) | Yes[c] |
UDP | IPsec (4500/500) | Yes[c] |
[a] Opened by configuring iX Developer. [b] Opened by the iX Runtime installer. [c] Opened depending on the target type and image version.
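The table above can serve as a baseline when reviewing which ports a panel actually exposes. The following is an added example, not part of the iX Developer documentation or product: it classifies a list of observed listeners against the table, flagging services that were enabled in the project (footnote [a], where Password Settings states the default is "No password") and ports the table does not list. The `audit` function, the status names and the `OBSERVED` sample are assumptions made for illustration, and the ports marked "Default" in the table are assumed to be unchanged.

```python
# Added example: audit observed listeners against the Open Ports table.
# Key: (protocol, port) -> (service, open by default, footnote letter).
# The e-mail (Alarm distributor) row is omitted: its port depends on the server.
BASELINE = {
    ("tcp", 21): ("FTP", False, "a"),
    ("tcp", 22): ("SSH", False, ""),
    ("tcp", 80): ("HTTP", False, "a"),
    ("tcp", 135): ("DCOM", True, ""),
    ("tcp", 4840): ("OPC UA", False, "a"),
    ("tcp", 5800): ("Remote access viewer", False, "a"),
    ("udp", 9999): ("Project Transfer", True, ""),
    ("udp", 137): ("Netbios", True, ""),
    ("udp", 138): ("Netbios", True, ""),
    ("tcp", 9999): ("Transfer download", False, "b"),
    ("tcp", 1000): ("Alarm server", False, "a"),
    ("tcp", 1947): ("HASP", True, "b"),
    ("udp", 1947): ("HASP", True, "b"),
    ("tcp", 6510): ("MCER", True, "c"),
    ("udp", 3544): ("IPv6 Support", True, "c"),
    ("udp", 4500): ("IPsec", True, "c"),
    ("udp", 500): ("IPsec", True, "c"),
}


def audit(observed):
    """Classify each observed (protocol, port) listener against BASELINE."""
    findings = {}
    for key in sorted(observed):
        entry = BASELINE.get(key)
        if entry is None:
            # Communication drivers open their own ports; see the driver help file.
            findings[key] = ("unknown", "not in table")
            continue
        service, open_by_default, footnote = entry
        if open_by_default:
            status = "expected"
        elif footnote == "a":
            # Enabled in the project; new functions default to "No password".
            status = "enabled-in-project"
        else:
            status = "review"
        findings[key] = (status, service)
    return findings


# Constructed sample of listeners on one panel (not real scan output).
OBSERVED = {("tcp", 135), ("udp", 9999), ("tcp", 21), ("tcp", 5800),
            ("tcp", 22), ("tcp", 502)}

if __name__ == "__main__":
    for (proto, port), (status, detail) in audit(OBSERVED).items():
        print(f"{proto}/{port:<5} {status:<20} {detail}")
```

Each "enabled-in-project" finding is a prompt to confirm that a password was set for that function in design time, and each "unknown" finding should be matched to a communication driver or closed at the firewall.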
Client ports
iX Developer can use the ports presented in the table below when acting as a client to a server.
Type | Description (Port) |
---|---|
TCP | DHCP (135) |
TCP | DNS (135) |
TCP | WINS (135) |