Configuring Network Security

Secure communications between two or more iFIX nodes are available with authenticated server-to-client communications, as well as end-to-end data protection. The ability to configure non-listening clients provides an additional security measure.

Refer to the following topics for more detailed information about network security:

There are two types of network computing: Legacy (default) and Trusted (secure).

An iFIX network can be configured to have multiple IP addresses; however, you cannot mix trusted and legacy communications on the same network. You can configure the network to be only trusted or only legacy.

Legacy Network Computing

Legacy (default) network computing allows you to continue to use legacy security with iFIX 4.0. Legacy security works on non-secure IP addresses. Legacy security limits the network exposure through several methods:

  • Communications through authorized incoming IP validation
  • Authorized IP connections
  • Authorized modification validation at the communications layer
  • Basic network encryption

Communications through authorized incoming IP validation

iFIX is aware of the IPs assigned to the machine it is running on and can be set to allow communications only on the dedicated IP address. This can be used in conjunction with hardware firewalls to limit the computers that can communicate with an iFIX installation. Machines with multiple Ethernet cards can be used to bridge between trusted and un-trusted networks.

Authorized IP connections

Legacy security supports the Accept Unknown Connections feature. This feature is a list of authorized IPs that are allowed to make connections to the iFIX networking system. Machines not on this authorized list are not allowed to connect and communicate with the SCADA. For more information, refer to Disabling Connections from Unauthorized Nodes.

Authorized modification validation at the communications layer

Legacy security supports the Accept Unknown Writes feature. This feature is a list of authorized nodes that are allowed to modify the iFIX databases. The type of packet coming in is validated against the list, and nodes that are not on the list are not allowed to modify the iFIX databases. For more information, refer to Disabling Database Write Access for Unauthorized Nodes.

Basic network encryption

Legacy security supports a number of methods to encrypt the data being sent over the network, such as simple encryption and data hiding. For more information, refer to your Windows documentation.

Trusted Network Computing

Secure networking is either enabled or disabled. When enabled, the communications server (the client or SCADA receiving the incoming connections) requires all incoming connections to be secure. All incoming connections on a secure communications network must meet the secure communications requirements.

For more information about trusted computing, refer to Connection Authentication.

Failure Modes

There are three situations that will cause a connection attempt to fail:

  • A legacy machine attempting to connect to a secure-only (trusted network) machine is rejected and a security message is sent.
  • A machine with an invalid certificate attempting to connect is rejected and a security message is sent.
  • A connection is lost, and the new connection reverts to the certificate authentication performed for the initial connection.
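The following is an added example, not iFIX code: a constructed model of the access decisions described above for legacy mode (dedicated listening IP, Accept Unknown Connections list, Accept Unknown Writes list) and for trusted mode (the first two failure modes). The policy fields, IP addresses and the assumption that the write list is consulted in both modes are all hypothetical.

```python
from dataclasses import dataclass
from enum import Enum

# Constructed model of the page's decision rules; not the iFIX implementation.
class Mode(Enum):
    LEGACY = "legacy"
    TRUSTED = "trusted"

@dataclass
class NodePolicy:
    mode: Mode
    listen_ips: set            # dedicated IPs iFIX is allowed to listen on
    authorized_connect: set    # "Accept Unknown Connections" authorized IP list
    authorized_write: set      # "Accept Unknown Writes" authorized node list
    accept_unknown_connections: bool = False
    accept_unknown_writes: bool = False

@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    is_write: bool
    secure: bool = False       # peer negotiated secure (trusted) communications
    cert_valid: bool = False   # peer presented a valid certificate

def evaluate(policy: NodePolicy, pkt: Packet) -> tuple:
    """Return (decision, reason) for one incoming packet."""
    if pkt.dst_ip not in policy.listen_ips:
        return ("reject", "not a listening IP")
    if policy.mode is Mode.TRUSTED:
        if not pkt.secure:            # failure mode 1: legacy node on trusted network
            return ("reject", "legacy node on trusted network")
        if not pkt.cert_valid:        # failure mode 2: invalid certificate
            return ("reject", "invalid certificate")
    elif (pkt.src_ip not in policy.authorized_connect
          and not policy.accept_unknown_connections):
        return ("reject", "unauthorized node")
    # Assumption: the write list is checked in both modes.
    if (pkt.is_write and pkt.src_ip not in policy.authorized_write
            and not policy.accept_unknown_writes):
        return ("reject", "unauthorized write")
    return ("accept", "write" if pkt.is_write else "read")

# Constructed sample policies (hypothetical addresses).
LEGACY_HOST = NodePolicy(Mode.LEGACY, {"10.0.0.5"},
                         {"10.0.0.10", "10.0.0.11"}, {"10.0.0.10"})
TRUSTED_HOST = NodePolicy(Mode.TRUSTED, {"10.0.0.5"},
                          {"10.0.0.10", "10.0.0.11"}, {"10.0.0.10"})
```

A node on the connections list but not on the writes list gets read-only access, which is the separation the two legacy lists are meant to provide.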

 
