beautypg.com

2 pass-code lockout – Campbell Scientific CR800 and CR850 Measurement and Control Systems User Manual

Page 72

background image

Section 5. System Overview

72 

 

 

• Get historical records or other files present on the datalogger drive spaces.
• More access is given when a .csipasswd is in place (so make sure users with

administrative rights have strong log-in credentials)

5.1.10.2 Pass-code Lockout

Pass-code lockouts (historically known simply as "security codes") are the oldest
method of securing a Campbell Scientific datalogger. Pass-code lockouts can
effectively lock out innocent tinkering and discourage wannabe hackers on non-IP
based telecommunications links. However, any serious hacker with physical
access to the datalogger or to the telecommunications hardware can, with only
minimal trouble, overcome the five-digit pass-codes blocking access. Systems
that can be adequately secured with pass-code lockouts are probably limited to:

• private, non-IP radio networks
• direct links (hardwire RS-232, short-haul, multidrop, fiber optic)
• non-IP satellite
• land-line, non-IP based telephone, where the telephone number is not

published.

• cellular phone wherein IP has been disabled, providing a strictly serial

connection.

Up to three levels of lockout can be set. Valid pass codes are 1 through 65535 (0
is no security).

Note If a pass code is set to a negative value, a positive code must be entered to
unlock the CR800. That positive code will equal 65536 + (negative security
code). For example, a security code of -1111 must be entered as 64425 to unlock
the CR800.

Methods of enabling pass-code lockout security include the following:

Status table – Security(1), Security(2) and Security(3) registers are writable

variables in the Status table wherein the pass codes for security levels 1
through 3 are written, respectively.

• external keyboard / display settings
Device Configuration Utility (DevConfig) – Security passwords 1 through 3

are set on the Deployment tab

SetSecurity() instruction – SetSecurity() is only executed at program

compile time. It may be placed between the BeginProg and Scan()
instructions.

Note Deleting SetSecurity() from a CRBasic program is not equivalent to
SetSecurity(0,0,0). Settings persist when a new program is downloaded that has
no SetSecurity() instruction

Level 1 must be set before Level 2. Level 2 must be set before Level 3. If a level
is set to 0, any level greater than it will also be set to 0. For example, if level 2 is
0 then level 3 is automatically set to 0. Levels are unlocked in reverse order: level
3 before level 2, level 2 before level 1. When a level is unlocked, any level

See also other documents in the category Campbell Scientific Measuring instruments: