optoblog

GROOV EPIC安全系列,第4部分:用户帐户

发表 Ben Orchardon May 10, 2019 3:12:44 PM

在此博客文章中,让我们仔细研究一下groov史诗system, and how you can improve your system security by giving users and services fine-grained access to applications running on EPIC. In other words, make sure each person or service has only the access they really need and nothing more.

但是,在我们深入介绍用户帐户之前,让我们首先讨论用户帐户凭据。花点时间问自己以下问题:

  • Do you use the same password for multiple accounts?
  • 您是否在密码中使用标点符号和大写字母的混合物?
  • Do you use long phrases as your passwords?

我们都知道我们什么shoulddo, but then there is what we实际上do.We have talked about passwordsin a past blog post, but it bears repeating here: long passphrases are much more secure than shorter "tricky" passwords, whether they include symbols and capital letters or not.

在我们愿意承认的更多情况下,我们系统安全性的最薄弱链接取决于安全凭据,更具体地说是用户帐户凭据。即使我们没有强大的密码,我们也可以做到其他一切,也很容易受到伤害。

我以前博客文章中最喜欢的工具之一是我的密码有多安全?尝试一些您当前的密码,看看它们的票价如何。我想您会感到惊讶。

Okay, now that we agree long passphrases are important, we can continue.

Getting Started with EPIC and your first Admin User Account

当你加电时groov史诗for the very first time, you’re prompted to create an Admin User Account. It is important to note that there is no default username or password ingroov史诗(这是设计安全性),因此访问史诗般的唯一方法是您只能创建的帐户。

We designed it this way to prevent system access using any default credentials, which are easy to find on the Internet. Someone would have to know the username and password you created at setup to gain access. Along the same lines, if you forget your credentials, there is no way to recover them. We can’t help you. The only option is to straighten out a paper clip and push in the Reset button (which will reset the device back to factory defaults) and start all over again.

设置第一个管理用户帐户后,您可以创建更多用户并设置其密码和权限groovManage, the built-in web application for managing all things EPIC. Remember that you can configure user accounts ingroov在EPIC内置的高分辨率颜色触摸屏上管理,或通过计算机或移动设备牢固地通过网络安全。

EPIC8-IPHONEX-IPAD-V1A-1200X845-FINAL-CR拥有安全用户帐户的控制器/PLC很重要。市场上很少有类似的系统提供此功能,并且是系统安全性的重要组成部分。

现在,只要让每个人成为管理用户并“完成它”可能很诱人,但是很少有人会使用该设备的人需要充分,不受限制地访问您的Epic。坦率地,可以使用该设备的人越少,它就会越安全。因此,在创建帐户之前停止并考虑您的用户访问级别。

当然,不用说(所以我会这么说):确保每个用户都有一个唯一的用户名和唯一的密码,与其他用户不同。强烈建议使用上述强大,独特的密码,并且密码长度,大写,标点符号,语言等没有限制。

这就是添加用户对话框的样子groov在您的帐户设置页面中管理。

Add user screen


Note that by default, the new user does not have任何permissions. It is up to you to assign them as required. Once you enter the user’s username and password, you also set permissions for access to the software services on your EPIC. It’s best to start out by assigning only the permissions you know this user needs now; you can always edit the user and add more later if needs change. Also note that only Admin accounts can edit these permissions.

Also note that user accounts can be for people或者软件. If you have a programmer whose application needs to access EPIC, you can set up a user account for that application, different from human user accounts. We recommend that you have your programmers utilize this “user account” feature and use the automatically generated, unique API keys for their applications.groovEPIC使每个应用程序都可以轻松拥有自己的API密钥。

安全用户类型


If you’d like to permanently display an HMI screen ongroovEpic的颜色触摸屏显示groov看法,考虑仅使用groov看法rights, and set those rights as “Kiosk.” With the Kiosk limited permissions, someone who walks up to EPIC can view any HMI screens allowed for that user account butcannot注销,编辑项目或更改密码。使用此售货亭帐户,用于任何计算机,平板电脑或其他已登录到的设备groov看法for an extended period of time.

Day-to-day use ofgroov史诗is just like doing your banking: treat it with respect and always log out of any admin accounts when you are done.

总之,用户帐户帮助您groov通过将对软件和服务的访问仅限于仅需要的人,史诗般的安全。通过思考并充分利用此功能,您可以完全控制对系统的所有访问。

What other controller can do that?

直到下一次。队友的欢呼声。

本系列中的其他帖子:

Topics:安全,凹槽视图,Groov Epic,凹槽管理,网络安全,史诗安全,用户帐户

写的Ben Orchard

    Subscribe to Email Updates

    最近的帖子

      Posts by Topic

      see all