2-8
L30 LINE CURRENT DIFFERENTIAL SYSTEM – INSTRUCTION MANUAL
SECURITY
CHAPTER 2: PRODUCT DESCRIPTION
2
2.2.4 Direct transfer tripping
The L30 includes provision for sending and receiving a single-pole direct transfer trip (DTT) signal from current differential
protection among the L30 relays at the line terminals using the pilot communications channel. The user can also initiate an
additional eight pilot signals with an L30 communications channel to create trip, block, or signaling logic. A FlexLogic
operand, an external contact closure, or a signal over the LAN communication channels can be assigned for that logic.
2.3 Security
The following security features are available:
•
Password security — Basic security present by default
•
EnerVista security — Role-based access to various EnerVista software screens and configuration elements. The
feature is present by default in the EnerVista software.
•
CyberSentry security — Advanced security available using a software option. When purchased, the option is
automatically enabled, and the default Password security and EnerVista security are disabled.
2.3.0.1 EnerVista security
The EnerVista security management system is a role-based access control (RBAC) system that allows an administrator to
manage the privileges of multiple users. This allows for access control of UR devices by multiple personnel within a
substation and conforms to the principles of RBAC as defined in ANSI INCITS 359-2004. The EnerVista security
management system is disabled by default to allow the administrator direct access to the EnerVista software after
installation. It is recommended that security be enabled before placing the device in service.
Basic password or enhanced CyberSentry security applies, depending on purchase.
2.3.0.2 Password security
Password security is a basic security feature present by default.
Two levels of password security are provided: command and setting. Use of a password for each level controls whether
users can enter commands and/or change settings.
The L30 supports password entry from a local or remote connection. Local access is defined as any access to settings or
commands via the front panel interface. This includes both keypad entry and the through the front panel RS232 port.
Remote access is defined as any access to settings or commands via any rear communications port. This includes both
Ethernet and RS485 connections. Any changes to the local or remote passwords enables this functionality.
When entering a settings or command password via EnerVista or any serial interface, the user must enter the
corresponding connection password. If the connection is to the back of the L30, the remote password must be used. If the
connection is to the RS232 port of the front panel, the local password applies.
Password access events are logged in the Event Recorder.
2.3.0.3 CyberSentry security
CyberSentry embedded security is available using software options that provide advanced security services. When an
option is purchased, the basic password security is disabled automatically.
CyberSentry provides security through the following features:
•
An Authentication, Authorization, Accounting (AAA) Remote Authentication Dial-In User Service (RADIUS) client that is
centrally managed, enables user attribution, provides accounting of all user activities, and uses secure standards-
based strong cryptography for authentication and credential protection
•
A Role-Based Access Control (RBAC) system that provides a permission model that allows access to UR device
operations and configurations based on specific roles and individual user accounts configured on the AAA server (that
is, Administrator, Supervisor, Engineer, Operator, Observer roles)
•
Security event reporting through the Syslog protocol for supporting Security Information Event Management (SIEM)
systems for centralized cybersecurity monitoring
Содержание L30
Страница 10: ...x L30 LINE CURRENT DIFFERENTIAL SYSTEM INSTRUCTION MANUAL TABLE OF CONTENTS ...
Страница 14: ...1 4 L30 LINE CURRENT DIFFERENTIAL SYSTEM INSTRUCTION MANUAL FOR FURTHER ASSISTANCE CHAPTER 1 INTRODUCTION 1 ...
Страница 126: ...3 68 L30 LINE CURRENT DIFFERENTIAL SYSTEM INSTRUCTION MANUAL CONNECT TO D400 GATEWAY CHAPTER 3 INSTALLATION 3 ...
Страница 214: ...4 88 L30 LINE CURRENT DIFFERENTIAL SYSTEM INSTRUCTION MANUAL FLEXLOGIC DESIGN USING ENGINEER CHAPTER 4 INTERFACES 4 ...
Страница 582: ...7 16 L30 LINE CURRENT DIFFERENTIAL SYSTEM INSTRUCTION MANUAL TARGETS MENU CHAPTER 7 COMMANDS AND TARGETS 7 ...
Страница 598: ...9 6 L30 LINE CURRENT DIFFERENTIAL SYSTEM INSTRUCTION MANUAL TESTING CHAPTER 9 COMMISSIONING 9 ...
Страница 622: ...10 24 L30 LINE CURRENT DIFFERENTIAL SYSTEM INSTRUCTION MANUAL FAULT LOCATOR CHAPTER 10 THEORY OF OPERATION 10 ...
Страница 670: ...A 18 L30 LINE CURRENT DIFFERENTIAL SYSTEM INSTRUCTION MANUAL FLEXANALOG ITEMS APPENDIX A FLEXANALOG OPERANDS A ...
Страница 678: ...C 6 L30 LINE CURRENT DIFFERENTIAL SYSTEM INSTRUCTION MANUAL COMMAND LINE INTERFACE APPENDIX C COMMAND LINE INTERFACE C ...
Страница 682: ...D 4 L30 LINE CURRENT DIFFERENTIAL SYSTEM INSTRUCTION MANUAL REVISION HISTORY APPENDIX D MISCELLANEOUS D ...
Страница 686: ...iv L30 LINE CURRENT DIFFERENTIAL SYSTEM INSTRUCTION MANUAL ABBREVIATIONS ...