2-6
L60 LINE PHASE COMPARISON SYSTEM – INSTRUCTION MANUAL
SECURITY
CHAPTER 2: PRODUCT DESCRIPTION
2
Figure 2-3: Access control by passwords and connection type
2.2.0.3 CyberSentry security
CyberSentry security is available using software options that provide advanced security services. When an option is
purchased, the basic password security is disabled automatically.
CyberSentry provides security through the following features:
•
An Authentication, Authorization, Accounting (AAA) Remote Authentication Dial-In User Service (RADIUS) client that is
centrally managed, enables user attribution, provides accounting of all user activities, and uses secure standards-
based strong cryptography for authentication and credential protection
•
A Role-Based Access Control (RBAC) system that provides a permission model that allows access to UR device
operations and configurations based on specific roles and individual user accounts configured on the AAA server (that
is, Administrator, Supervisor, Engineer, Operator, Observer roles)
•
Security event reporting through the Syslog protocol for supporting Security Information Event Management (SIEM)
systems for centralized cybersecurity monitoring
•
Strong encryption of all access and configuration network messages between the EnerVista software and UR devices
using the Secure Shell (SSH) protocol, the Advanced Encryption Standard (AES), and 128-bit keys in Galois Counter
Mode (GCM) as specified in the U.S. National Security Agency Suite B extension for SSH and approved by the National
Institute of Standards and Technology (NIST) FIPS-140-2 standards for cryptographic systems
CyberSentry user roles
CyberSentry user roles (Administrator, Engineer, Operator, Supervisor, Observer) limit the levels of access to various UR
functions. This means that the EnerVista software allows for access to functionality based on the user’s logged in role.
Example:
Administrative functions can be segmented from common operator functions, or engineering type access, all of
which are defined by separate roles so that access of UR devices by multiple personnel within a substation is allowed.
One role of one type is allowed to be logged in at a time. For example, one Operator can be logged in but not a second
Operator at the same time. This prevents subsets of settings from being changed at the same time.
Содержание L60
Страница 10: ...x L60 LINE PHASE COMPARISON SYSTEM INSTRUCTION MANUAL TABLE OF CONTENTS ...
Страница 14: ...1 4 L60 LINE PHASE COMPARISON SYSTEM INSTRUCTION MANUAL FOR FURTHER ASSISTANCE CHAPTER 1 INTRODUCTION 1 ...
Страница 122: ...3 72 L60 LINE PHASE COMPARISON SYSTEM INSTRUCTION MANUAL CONNECT TO D400 GATEWAY CHAPTER 3 INSTALLATION 3 ...
Страница 590: ...5 382 L60 LINE PHASE COMPARISON SYSTEM INSTRUCTION MANUAL TESTING CHAPTER 5 SETTINGS 5 ...
Страница 632: ...7 12 L60 LINE PHASE COMPARISON SYSTEM INSTRUCTION MANUAL TARGETS MENU CHAPTER 7 COMMANDS AND TARGETS 7 ...
Страница 736: ...A 14 L60 LINE PHASE COMPARISON SYSTEM INSTRUCTION MANUAL FLEXANALOG ITEMS APPENDIX A FLEXANALOG OPERANDS A ...
Страница 744: ...C 6 L60 LINE PHASE COMPARISON SYSTEM INSTRUCTION MANUAL COMMAND LINE INTERFACE APPENDIX C COMMAND LINE INTERFACE C ...
Страница 752: ...iv L60 LINE PHASE COMPARISON SYSTEM INSTRUCTION MANUAL ABBREVIATIONS ...