Topic: DMD0260

System Security Overview

Multiple User Accounts

System security is more than simply allowing or denying the ability to connect to a Do-more controller based on a user ID and password. System security involves the creation of accounts that will allow or deny access to the different resources in the controller. By creating multiple accounts, each with different levels of access, you can efficiently control who has access to the controller and what each of those users can and cannot do with the resources in the controller.

Click here to see the Help Topic on creating user accounts.

Session-based Communication

Many Do-more controllers will be installed on networks that have varying degrees of isolation. This can cause security concerns for programmers and OEMs who need to have communication with the controller be restricted to authorized personnel only. To this end, the Do-more Designer programming software uses communication sessions any time that the software is online with the controller.

When communication sessions are established, they are done so with a unique ID, and all communication packets must contain that ID. Any packets received without that ID are discarded by the controller. This prevents unauthorized access of the controller, and also prevents other computers on the network from accidentally accessing the wrong controller.

Session-based communication also uses a timeout system that will terminate a session after a period of time with no communication between the programming software and the controller. The session must be re-established before communication can continue.

Click here to see the Help Topic on Communication Links.

Protocol-specific Memory

Do-more controllers allow access by external devices that are using Modbus/TCP, Modbus/RTU, and KSequence protocols. The controllers only allow these external devices access to protocol-specific blocks of memory, they cannot access any of the other memory blocks or directly access the I/O modules in the  system.
 

Click here to see the Help Topic on the memory configuration of Do-more controllers.

Code-Block Protection  

Do-more Designer has options that allow the programmer to secure the contents of user-created code-blocks. These options include restrictions on viewing the contents of the code-block, restrictions on editing the code block, and even encrypting the code-block contents.

Click here to see the Help Topic on configuring the protection for code-blocks.

Write Protect the Operating System

One of the onboard DIP switches is used to allow/disallow the firmware in the controller to be updated.

Click here to see the Help Topic that details the meaning for each of the onboard DIP switches.

Online Sessions Locked Out After Failed Login Attempts

A Do-more controller will refuse requests to open online sessions after 10 failed login attempts in a 2 minute window.

Click here to see the Help Topic for details on Failed Login Attempts.

See Also:

• System Security Overview
   

• User Password Configuration
   

• How to Manually Reset the Password Configuration in the Controller
   

• How to Manually Reset the Password Configuration in the Simulator