by Janet Albers | Updated: 06/28/2017 | Comments: 0
Security codes are the oldest method of securing a datalogger. They can effectively prevent innocent tinkering and discourage wannabe hackers—actions that could potentially wreak havoc on the integrity of your data. In this article, I’ll discuss the different security codes and how to use them to secure your data and settings.
Up to three levels of datalogger security can be set. For a CR1000 or newer datalogger, valid security codes are 1 through 65535. (0 is no security.) We recommend that you use a unique code for each of the three levels.
Using a bank as an analogy, level 3 is the front door to the bank; if it is locked, nobody gets in without a key. Level 2 is the reception area where you can access some information but not all. Level 1 is the vault; with the correct combination to the vault, you have access to everything.
Level 1 (the vault) must be set before level 2 (the reception area) can be set, and level 2 must be set before level 3 (the front door) can be set. If a level is set to 0, any level greater than it will also be set to 0. For example, if level 2 is 0, level 3 is also 0.
The security levels are unlocked in reverse order: level 3 before level 2 before level 1. When a level is unlocked, any level greater than it will also be unlocked. For example, unlocking level 1 (entering the level 1 Security Code or vault’s combination) also unlocks levels 2 and 3, giving you access to all datalogger settings and functions.
To set the security codes for your dataloggers, we recommend that you use the Device Configuration Utility. Communication settings, such as the PakBus address, are accessed through the Settings Editor. Setting a level 1 Security Code will restrict others from making changes to these network settings. Setting a level 2 Security Code means that only those with the security code for level 2 can make changes to a datalogger clock. The following table highlights how setting the different levels affects your ability to make changes or access information:
Function | When level 1 is set | When level 2 is set | When level 3 is set |
CR1000 Program |
Cannot change or retrieve the program. |
All communications are prohibited. |
|
Settings Editor and Status Table |
Writable variables cannot be changed. |
||
Setting Clock |
Unrestricted |
Cannot change or set the clock. |
|
Public Table |
Unrestricted |
Writeable variables cannot be changed. |
|
Collecting Data |
Unrestricted |
Unrestricted |
In this image, all three levels are set:
After a datalogger has security enabled, you can give trusted individuals varying levels of access. The network administrator (or the person responsible for updating datalogger programs and communications) should have the highest level of access, or Security Code 1. In contrast, someone who only needs to collect data can have Security Code 3.
To store your security code in your datalogger support software, follow these steps:
In the image below, the Security Code for level 3 is entered; data collection is unrestricted but changes to the clock and other settings are blocked:
Datalogger security codes are one way to keep control over who can make changes to important datalogger settings. It is a good hardware management practice to give people access only to what they need, not more. If you have any questions or comments about setting your levels of security, post them below.
Comments
Please log in or register to comment.