GE Multilin
G60 Generator Protection System
5-15
5 SETTINGS
5.2 PRODUCT SETUP
5
4.
Click
OK
to save the changes.
d) CYBERSENTRY SECURITY
The EnerVista software provides the means to configure and authenticate UR using either device or server authentication.
The access to various pieces of functionality depends on user role.
The login screen of EnerVista has two options for access to the UR, server and device authentication.
When the "Device" button is selected, the UR uses its local authentication database and not the RADIUS server to authen-
ticate the user. In this case, it uses built-in roles (Administrator, Engineer, Supervisor, Observer, Operator) as login
accounts and the associated passwords are stored on the UR device. In this case, access is not user-attributable. In cases
where user-attributable access is required, especially for auditable processes for compliance reasons, use server authenti-
cation (RADIUS) only.
When the "Server" Authentication Type option is selected, the UR uses the RADIUS server and not its local authentication
database to authenticate the user.
No password or security information is displayed in plain text by the EnerVista software or UR device, nor are they ever
transmitted without cryptographic protection.
Only (TCP/UDP) ports and services that are needed for device configuration and for customer enabled features are
open. All the other ports are closed. For example, Modbus is on by default, so its TCP port number, 502, is open.
But if Modbus is disabled, port 502 is closed. This function has been tested and no unused ports have been found
open.
When CyberSentry is enabled, Modbus communications over Ethernet is encrypted, which is not always tolerated by
SCADA systems. The UR has a bypass access feature for such situations, which allows unencrypted Modbus over Ether-
net. This "Bypass Access" setting is available on the
SETTINGS
PRODUCT SETUP
SECURITY
SUPERVISORY
screen.
Note that other protocols (DNP, 101, 103, 104, EGD) are not encrypted, and they are good communications options for
SCADA systems when CyberSentry is enabled.
Event Recorder
Allows the user to use the digital fault recorder
FlexLogic
Allows the user to read FlexLogic values
Update Info
Allows the user to write to any function to which they have read privileges. When any of the Settings, Event
Recorder, and FlexLogic check boxes are enabled by themselves, the user is granted read access. When
any of them are enabled in conjunction with the Update Info box, they are granted read and write access.
The user is not granted write access to functions that are not checked, even if the Update Info field is
checked.
Admin
The user is an EnerVista UR Setup administrator, therefore receiving all of the administrative rights.
Exercise caution when granting administrator rights.
Table 5–2: ACCESS RIGHTS SUMMARY
FIELD
DESCRIPTION
NOTE
Содержание Multilin g60
Страница 10: ...x G60 Generator Protection System GE Multilin TABLE OF CONTENTS INDEX ...
Страница 32: ...1 22 G60 Generator Protection System GE Multilin 1 5 USING THE RELAY 1 GETTING STARTED 1 ...
Страница 130: ...3 68 G60 Generator Protection System GE Multilin 3 4 FIELD AND STATOR GROUND MODULES 3 HARDWARE 3 ...
Страница 160: ...4 30 G60 Generator Protection System GE Multilin 4 3 FACEPLATE INTERFACE 4 HUMAN INTERFACES 4 ...
Страница 486: ...5 326 G60 Generator Protection System GE Multilin 5 10 TESTING 5 SETTINGS 5 ...
Страница 518: ...6 32 G60 Generator Protection System GE Multilin 6 5 PRODUCT INFORMATION 6 ACTUAL VALUES 6 ...
Страница 532: ...7 14 G60 Generator Protection System GE Multilin 7 2 TARGETS 7 COMMANDS AND TARGETS 7 ...
Страница 538: ...8 6 G60 Generator Protection System GE Multilin 8 1 PHASE DISTANCE THROUGH POWER TRANSFORMERS 8 THEORY OF OPERATION 8 ...
Страница 748: ...D 10 G60 Generator Protection System GE Multilin D 1 IEC 60870 5 104 APPENDIX D D ...
Страница 760: ...E 12 G60 Generator Protection System GE Multilin E 2 DNP POINT LISTS APPENDIX E E ...