About station security
Security starts with the configuration and monitoring of each station. It involves setting up secure communication, secure email, secure user credentials, and configuring components, categories, hierarchies, and roles to grant users access only to the system objects they need to do their jobs. To achieve effective security, it is essential to use of Niagara 4’s security features and configure your network properly. Key areas that need configuration for station security include secure communication settings, user authentication, and authorization management.
Secure communication provides:
Server identity verification, which prevents man-in-the-middle and spoofing attacks. To set up the digital certificates that verify server identity, you use the Certificate Manager view.
Data encryption (foxs/https/platformtls), which prevents eavesdropping during the actual transmission of data. You define the key size used to encrypt data transmission when you create each certificate.
Secure email communication. To configure email security, you use the EmailService.
User authentication protects against unauthorized access by ensuring that only legitimate users (human or station) can log in using Workbench or a web browser. You use the AuthenticationService to activate the authentication schemes the station needs, and the UserService to assign the authentication scheme and login credentials to individual users (human or another station). You can add multiple schemes, each of which may be used by a different user.
- Authorization management involves the following:
Defines which component slots, files, and histories are accessible
Defines which users may modify them
Defines what modifications users may make Niagara use role-based access control, where users are assigned roles that are mapped to component permissions.