24 | About the Radio
Aprisa SR+ User Manual 1.11.1
Security
The Aprisa SR+ provides security features to implement the key recommendations for industrial control
systems. The security provided builds upon the best in class from multiple standards bodies, including:
•
IEC/TR 62443 (TC65) ‘Industrial Communications Networks –
Network and System Securi
ty’
•
IEC/TS 62351 (TC57) ‘Power System Control and Associated Communications –
Data and
Communication Security’
•
FIPS PUB 197, NIST SP 800-38C, IETF RFC3394, RFC3610 and IEEE P1711/P1689/P1685
•
FIPS 140-2: Security Requirements for Cryptographic Modules
The security features implemented are:
•
Data encryption
Counter Mode Encryption (CTR) using Advanced Encryption Standard (AES) 128, 192, 256 bit,
based on FIPS PUB 197 AES encryption (using Rijndael version 3.0)
•
Data authentication
NIST SP 800-38C Cipher Block Chaining Message Authentication Code (CBC-MAC) based on RFC
3610 using Advanced Encryption Standard (AES)
•
Data payload security
CCM Counter with CBC-MAC integrity (NIST special publication 800-38C)
•
Secured management interface protects configuration
•
RADIUS security for remote user authorization, authentication and accounting
•
Account lockout / slowdown user account lockout mechanisms to mitigate brute force password
guessing attacks
•
One-time Password (OTP) recovery provides proofing mechanism that allows an Admin user access
to change the Admin password if the Admin user is permanently locked out
•
Events logging for auditing user access and operation
•
Supported security alerts event options
•
L2 / L3 / L4 Address filtering enables traffic source authorization
•
Proprietary physical layer protocol and modified MAC layer protocol based on standardized IEEE
802.15.4
•
Licensed radio spectrum provides recourse against interference
•
Secure HTTPS access to the radio SuperVisor element management interface, i.e. secure access to
the radio embedded web server
•
Unique self-signed ECC-256 security certificate used for the secure HTTPS management interface
•
Secure Shell (SSH) access to the radio CLI (command line interface) management interface
•
SNMPv3 with Encryption for NMS secure access
•
Secure remote software upgrade using HTTPS protocol
•
Encrypted and signed software file to prevent the loading of non 4RF software
•
Secure USB software upgrade
•
Secure Ethernet port access by user of SCADA / user traffic or management traffic. This is useful to
block any management access from unguarded remote sites.
•
Unused ports can be disabled to prevent unauthorized access
•
Key Encryption Key (KEK) based on RFC 3394, for secure Over The Air Re-keying (OTAR) of encryption
keys
•
User privilege allows the accessibility control of the different radio network users and the user
permissions
Содержание Aprisa SR+
Страница 1: ...January 2021 Version 1 11 1b ...
Страница 2: ......
Страница 10: ......
Страница 72: ......
Страница 86: ......
Страница 317: ...Managing the Radio 317 Aprisa SR User Manual 1 11 1 The Graph Current button presents a graph of current results ...