Additional security measures
Following are some additional security measures that may be taken to secure your data logger.
Security codes
The data logger employs a security scheme that includes three levels of security. Security codes can effectively lock out innocent tinkering and discourage wannabe hackers on all communications links. However, any serious hacker with physical access to the data logger or to the communications hardware can, with only minimal trouble, overcome the five-digit security codes. Security codes are held in the data logger 
Settings Editor An editor for observing and adjusting settings. Settings Editor is a feature of LoggerNet>Connect, PakBus Graph, and Device Configuration Utility..
The preferred methods of enabling security include the following:
- Device Configuration Utility Software tool used to set up data loggers and peripherals, and to configure PakBus settings before those devices are deployed in the field and/or added to networks. Also called DevConfig.: Security codes are set on the Deployment> Datalogger tab.
- Network Planner Campbell Scientific software designed to help set up datal oggers in PakBus networks so that they can communicate with each other and the LoggerNet server. For more information, see https://www.campbellsci.com/loggernet.: Security codes can be set as data loggers are added to the network.
Alternatively, in CRBasic the SetSecurity() instruction can be used. It is only executed at program compile time. This is not recommended because deleting SetSecurity() from a CRBasic program is not equivalent to SetSecurity(0,0,0). Settings persist when a new program is downloaded that has no SetSecurity() instruction.
Up to three levels of security can be set. Valid security codes are 1 through 65535 ( 0 confers no security). Security 1 must be set before Security 2. Security 2 must be set before Security 3. If any one of the codes is set to 0, any security code level greater than it will be set to 0. For example, if Security 2 is 0 then Security 3 is automatically set to 0. Security codes are unlocked in reverse order: Security 3 before Security 2, Security 2 before Security 1.
|
Functions affected by security codes |
|||
|---|---|---|---|
| Function | Security code 1 set | Security code 2 set | Security code 3 set |
| data logger program | Cannot change or retrieve | All communications prohibited | |
|
Settings editor |
Writable variables cannot be changed | ||
| Setting clock | unrestricted | Cannot change or set | |
| Public table | unrestricted | Writable variables cannot be changed | |
| Collecting data | unrestricted | unrestricted | |
See Security(1), Security(2), Security(3) for the related fields in the Settings Editor.
CRBasic
Encrypt program files if they contain sensitive information. See CRBasic help FileEncrypt() or use CRBasic Editor > File > Save and Encrypt.
Hide program files for extra protection. See CRBasic help FileManage() instruction.
Other
Monitor your data logger for changes by tracking program and operating system signatures, as well as CPU file contents.
Secure the physical data logger and power supply under lock and key.
Some security features can be subverted through physical access to the data logger. If absolute security is a requirement, the physical data logger must be kept in a secure location.
Some options to secure your data logger from mistakes or tampering include:
-
Setting a PakBus/TCP password. The
PakBus ® A proprietary communications protocol developed by Campbell Scientific to facilitate communications between Campbell Scientific devices. Similar in concept to IP (Internet Protocol), PakBus is a packet-switched network protocol with routing capabilities. A registered trademark of Campbell Scientific, Inc. TCP password controls access to PakBus communications over a TCP/IP link. PakBusTCP passwords can be set in Device Configuration Utility Software tool used to set up data loggers and peripherals, and to configure PakBus settings before those devices are deployed in the field and/or added to networks. Also called DevConfig.. -
Disabling FTP or setting an FTP username and password in Device Configuration Utility.
-
Disabling HTTP or creating a user account to secure HTTP (see Device Configuration Utility > Deployment > Network Services > Edit Accounts to make changes.
-
Enabling HTTPS and disabling HTTP. To prevent data collection via the web interface, both HTTP and HTTPS must be disabled.
For additional information on data logger security, see:
