NI PSP Variable Security

Jed394 · ‎10-01-2013

I'm currently using Network Published I/O variables to programmatically directly access individual module I/O channels on a CRIO, from a host program as well as other CRIO's. Is there anyway to limit access or secure these variables so that only a certain user, ip address, or some other identifier has access to these. As it stands right now, any user with access to the network, could write to these variables or even force them to an un-safe state. I do not have the DSC module, I'm not sure if it would even provide an issue for I/O network variables or not. Any insight would be great.

There variables are extremely flexible and easy to use, but this is for an industrial application and security trumps this. I'm hoping there is a simple solution so I don't have to write all the TCP/IP and encrypt everything manually.

Whit-E_Wall-E · ‎10-02-2013

Hello,

DSC is going to offer you the most security available in regards to variables. For more information of security with the DSC module check out this article. Also the DSC training has an entire section dedicated to security.

Without the DSC Module there is limited to no security available for variables.

Regards,

M. Whitaker
ni.com/support

Jed394 · ‎10-02-2013

@Whit-E_Wall-E wrote:

Hello,

DSC is going to offer you the most security available in regards to variables. For more information of security with the DSC module check out this article. Also the DSC training has an entire section dedicated to security.

Without the DSC Module there is limited to no security available for variables.

Hmmm that's very disappointing and bad marketing. I don't really consider the DSC module a good option as it requires extra money for the Module as well as an license for every runtime executable instance you need. I have used the trial and i do not consider it to be worth the price. Considering the emphasis NI has put on the ability of their chassis system to serve in industrial applications, there should be a secure feature for these variable built into the Develop Suite or atleast the Real Time Module, especially when using an expansion chassis.

For the CRIO in my application it is not a big deal to write a TCP communication to fill this void, however for my NI9148 expansion chassis, there is no way to secure communication to this device, since you are required to use the SCAN interface to communicate with it remotely. Anyone could simply connect to the network and override these values using the distributed system manager. In this case I will be forced to hide my 9148 behind the main network and interface through Ethernet port #2 on my crio. A pain in itself considering you have to deploy everything in a seperate project. In addition, for true security I will have to lock out the cabinet these are units are stored in.

Unless i'm missing something it seems NI has dropped the ball on this one.

josborne · ‎10-03-2013

Can't say I'm surprised. Even after Stuxnet, most people still don't take industrial security very seriously. Glad to see you are one of the few!

http://www.medicollector.com

Whit-E_Wall-E · ‎10-04-2013

Hello,

We understand your concern, but unfortunately shared variable security is currently not built into variables without DSC. I encourage you to express your concern and idea to our Idea Exchange. It is definitely a valid point to add more security options to our Industrial controllers.

Another option to add security to the system would be to set it up on a local computer that could then be used as a server to limit access to the controller.

Regards,

M. Whitaker
ni.com/support

LabVIEW

NI PSP Variable Security

NI PSP Variable Security

Re: NI PSP Variable Security

Re: NI PSP Variable Security

Re: NI PSP Variable Security

Re: NI PSP Variable Security