proficy* hmi/scada - ifix · pdf fileproficy* hmi/scada - ifix configur ing security features...

Click here to load reader

Post on 06-Mar-2018

235 views

Category:

Documents

10 download

Embed Size (px)

TRANSCRIPT

  • Proficy* HMI/SCADA - iFIX C O N F I G U R I N G S E C U R I T Y F E A T U R E S

    V e r s i o n 5 . 5

    J a n u a r y 2 0 1 2

  • All rights reserved. No part of this publication may be reproduced in any form or by any electronic or mechanical means, including photocopying and recording, without permission in writing from GE Intelligent Platforms, Inc.

    Disclaimer of Warranties and Liability

    The information contained in this manual is believed to be accurate and reliable. However, GE Intelligent Platforms, Inc. assumes no responsibilities for any errors, omissions or inaccuracies whatsoever. Without limiting the foregoing, GE Intelligent Platforms, Inc. disclaims any and all warranties, expressed or implied, including the warranty of merchantability and fitness for a particular purpose, with respect to the information contained in this manual and the equipment or software described herein. The entire risk as to the quality and performance of such information, equipment and software, is upon the buyer or user. GE Intelligent Platforms, Inc. shall not be liable for any damages, including special or consequential damages, arising out of the user of such information, equipment and software, even if GE Intelligent Platforms, Inc. has been advised in advance of the possibility of such damages. The user of the information contained in the manual and the software described herein is subject to the GE Intelligent Platforms, Inc. standard license agreement, which must be executed by the buyer or user before the use of such information, equipment or software.

    Notice

    2012 GE Intelligent Platforms, Inc. All rights reserved. *Trademark of GE Intelligent Platforms, Inc.

    Microsoft is a registered trademark of Microsoft Corporation, in the United States and/or other countries.

    All other brands or names are property of their respective holders.

    We want to hear from you. If you have comments, questions, or suggestions about our documentation, send them to the following email address:

    doc@ge.com

  • iii

    Table of Contents

    About This Guide .............................................................................................................................. 1

    Reference Documents .................................................................................................................. 1

    Introduction ....................................................................................................................................... 3

    Protecting Your Process ............................................................................................................... 3

    iFIX Security Concepts ................................................................................................................. 4

    Understanding Security Status ..................................................................................................... 5

    Understanding iFIX Security ............................................................................................................. 7

    Security Files ................................................................................................................................ 8

    Using Security with a File Server .............................................................................................. 8

    Using Security Without a File Server ........................................................................................ 8

    User Accounts .............................................................................................................................. 9

    Group Accounts ............................................................................................................................ 9

    Assigning Privileges................................................................................................................ 11

    Identical User Accounts .......................................................................................................... 12

    Security Areas ............................................................................................................................ 13

    Creating a Recipe User Account ............................................................................................ 13

    Application Features ................................................................................................................... 14

    Assigning Special Application Features ................................................................................. 18

    Run-time Environment Protection ............................................................................................... 18

    Securing Scripts and the Visual Basic Editor ......................................................................... 19

    Securing Pictures and Schedules ........................................................................................... 19

    Electronic Signatures .................................................................................................................. 20

    Protecting SCADA Nodes ........................................................................................................... 21

    Restricting Database Write Access on a Node-by-Node Basis .............................................. 21

    The iFIX Screen Saver ............................................................................................................... 22

    Working with Visual Basic for Applications ................................................................................. 24

  • Configuring Security Features

    iv

    Defining and Assigning Security Privileges .................................................................................... 25

    The Security Configuration Program .......................................................................................... 26

    Exiting from the Security Configuration Program ................................................................... 26

    Working with the Security Toolbox ......................................................................................... 27

    Enabling and Disabling Security ............................................................................................. 27

    Defining Security Areas .............................................................................................................. 27

    Assigning Security Areas ........................................................................................................ 28

    Creating Group and User Accounts............................................................................................ 28

    Limiting Login Time................................................................................................................. 28

    Modifying Group and User Accounts ...................................................................................... 29

    Deleting Group and User Accounts ........................................................................................ 29

    iFIX Automatic Login .................................................................................................................. 29

    Creating a Public Account ...................................................................................................... 30

    Deleting an Automatic Login Configuration ............................................................................ 30

    Importing and Exporting the Security Configuration ................................................................... 30

    Importing User Account Passwords ....................................................................................... 31

    Defining the Security Path .......................................................................................................... 31

    Defining the Backup Path ....................................................................................................... 32

    Configuring Global Security Paths .............................................................................................. 32

    Restricting Access in the Run-time Environment ....................................................................... 33

    Example: Securing the Run-time Environment ...................................................................... 34

    Using iFIX Security ......................................................................................................................... 37

    Logging in to iFIX Manually ........................................................................................................ 37

    Changing the Account Password ........................................................................................... 38

    Logging out of iFIX Manually ...................................................................................................... 38

    Understanding the Security Log File .......................................................................................... 38

    Using iFIX with Windows Security .................................................................................................. 41

    Configuring Windows User Accounts ......................................................................................... 41

  • Table Of Contents

    v

    Setting Passwords to Expire ................................................................................................... 41

    Limiting the Number of Invalid Login Attempts ..........................................

View more