Security: Providing a contained environment for the distribution and analysis of information
Technical Paper
December 2002
Abstract
Security: Providing a contained environment for the distribution and analysis of information. CitectSCADA Reports requires a robust and reliable security model that suits each of these types of clients and protects the intellectual property and data of the CitectSCADA Reports customer.
Contacts
support@citect.com
CitectSCADA Reports encompasses a wide variety of client-server applications, each with a different focus and purpose. These range from local network clients with direct connections to the CitectSCADA Reports Server through to web clients with indirect access via an Internet Information Service Web Server, as well as 3rd party client applications.
As such, CitectSCADA Reports requires a robust and reliable security model that suits each of these types of clients and protects the intellectual property and data of the CitectSCADA Reports customer.
Local Clients
Local clients (including 3rd party clients) on a local area network (LAN) that connect directly to the CitectSCADA Reports Server to acquire their data employ a fairly simple security model, while Internet clients such as CitectSCADA Reports web clients employ a far more elaborate mechanism.
Local clients have the security embedded in .DLL files, so that they are not accessible to the user in a scripted or coded form. Password entries are hidden (e.g. ********) as they are entered, and sent over the LAN in binary format. The CitectSCADA Reports Server validates the user name and binary password, and sends a connection session back to the client allowing them to access the published data.
Each time a client requests data, or refreshes their information tree, the CitectSCADA Reports Server revalidates the user name and password for the client session so that data is restricted to only the information that has been published for that user. This mechanism ensures that users only get access to data that they have been given access to, and illegal requests for other data are rejected.
In addition to the security used by CitectSCADA Reports, Microsoft Windows domain security will not let unknown PCs connect to the network, providing a reasonable level of security confidence in the users who are trying to access the data.
Internet Clients
Internet clients employ a more robust security model, since the user name and password may be transmitted across public domains.
When a user logs into CitectSCADA Reports web client, the password is hidden on entry, and encrypted before being stored in memory. CitectSCADA Reports web client uses a modified Vigenère Square algorithm applied to the password four times, using a transitory key index that changes for each new session.
The user name and password are then sent to the CitectSCADA Reports Web Server, which decrypts the password and uses Microsoft’s RPC over DCOM to validate the user with the CitectSCADA Reports Server. It then returns a connection session to the client, using Microsoft’s VB Script Encoder to encrypt the returning message.
As with the local clients, each time an Internet Client requests data, or refreshes the information tree, the user name and password are revalidated by the CitectSCADA Reports Server using Microsoft’s Remote Data Services (RDS) to ensure that only data for which the user has permission is returned to the client application.
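The four-pass Vigenère Square step described above can be examined with a small model. This is an added example, not Citect's code: the paper does not specify its modification or how the transitory key index is derived, so the sketch assumes the classic Vigenère square over printable ASCII with constructed keys and a constructed password. It shows that, for the classic cipher, several passes are equivalent to a single pass with one combined key.

```python
"""Classic Vigenère over printable ASCII (added example, constructed data)."""
from math import lcm

LO, N = 32, 95  # printable ASCII: character codes 32..126


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """One pass of the classic square: shift each character by a key character."""
    sign = -1 if decrypt else 1
    out = []
    for i, ch in enumerate(text):
        shift = ord(key[i % len(key)]) - LO
        out.append(chr((ord(ch) - LO + sign * shift) % N + LO))
    return "".join(out)


def multi_pass(text: str, keys: list[str], decrypt: bool = False) -> str:
    """Apply one Vigenère pass per key (four keys model a four-pass scheme)."""
    for key in keys:  # order does not matter: the shifts simply add up
        text = vigenere(text, key, decrypt)
    return text


def combined_key(keys: list[str]) -> str:
    """Build the single key whose one pass equals all passes together.

    Per-position shifts add modulo N; the combined key repeats with the
    least common multiple of the individual key lengths.
    """
    length = lcm(*(len(k) for k in keys))
    return "".join(
        chr(sum(ord(k[i % len(k)]) - LO for k in keys) % N + LO)
        for i in range(length)
    )


# Constructed sample data: hypothetical per-session keys and password.
SESSION_KEYS = ["k3Y!", "s3ss10n", "Idx", "t0k3n"]
PASSWORD = "Plant-Operator#42"

if __name__ == "__main__":
    four = multi_pass(PASSWORD, SESSION_KEYS)
    one = vigenere(PASSWORD, combined_key(SESSION_KEYS))
    print("four passes equal one combined pass:", four == one)
    print("round trip recovers the password:",
          multi_pass(four, SESSION_KEYS, decrypt=True) == PASSWORD)
```

Because the paper describes its algorithm as modified, this property is established here only for the classic cipher and would need to be checked against the actual implementation.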
Data Restrictions
The security model for all clients includes the automatic facility of CitectSCADA Reports to restrict the user’s view of available information to only the data for which they have permissions. This means that users are not even aware of other information that might be available from the CitectSCADA Reports Server unless they have been assigned privileges to that data.
Summary
Each of the CitectSCADA Reports clients uses a security model appropriate for its purpose, providing a contained environment in which customers may distribute, analyze and manipulate their productivity data.
Disclaimer
Disclaimer of All Warranties
SCHNEIDER ELECTRIC (AUSTRALIA) PTY LTD DISCLAIMS ANY AND ALL
WARRANTIES WITH RESPECT TO SCHNEIDER ELECTRIC (AUSTRALIA) PTY LTD
PRODUCTS AND THE RELATED DOCUMENTATION, WHETHER EXPRESS OR IMPLIED,
INCLUDING SPECIFICALLY THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A GENERAL OR PARTICULAR PURPOSE. CITECTSCADA AND
THE RELATED DOCUMENTATION ARE PROVIDED "AS IS," AND YOUR COMPANY
UNDERSTANDS THAT IT ASSUMES ALL RISKS OF THEIR USE, QUALITY, AND
PERFORMANCE.
Disclaimer of Liability
YOUR COMPANY AGREES AND ACKNOWLEDGES THAT SCHNEIDER ELECTRIC
(AUSTRALIA) PTY LTD SHALL HAVE NO LIABILITY WHATSOEVER TO YOUR
COMPANY FOR ANY PROBLEMS IN OR CAUSED BY SCHNEIDER ELECTRIC
(AUSTRALIA) PTY LTD PRODUCTS OR THE RELATED DOCUMENTATION, WHETHER
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL (INCLUDING
LOSS OF PROFITS).