10 security – Campbell Scientific CR800 and CR850 Measurement and Control Systems User Manual

Section 5. System Overview

70 

Figure 28: Custom menu example

5.1.10 Security

CR800 applications may include the collection of sensitive data, operation of
critical systems, or networks accessible by many individuals. The CR800 is
supplied void of active security measures. By default, RS-232, Telnet, FTP and
HTTP services, all of which give high level access to CR800 data and programs,
are enabled without password protection.

Campbell Scientific encourages CR800 users who are concerned about security,
especially those with exposure to IP threats, to send the latest operating system to
the CR800 (available at www.campbellsci.com) and to disable un-used services
and secure those that are used. Actions to take may include the following:

• Set passcode lockouts
• Set PakBus/TCP password
• Set FTP username and password
• Set AES-128 PakBus encryption key
• Set .csipasswd file for securing HTTP and Web API
• Track signatures
• Encrypt program files if they contain sensitive information
• Hide program files for extra protection
• Secure the CR800 datalogger and power supply under lock and key.

Note All security features can be subverted through physical access to the
CR800. If absolute security is a requirement, the CR800 datalogger must be kept
in a secure location.