5.1.9.1 Vulnerabilities – Campbell Scientific CR3000 Micrologger User Manual

Page 71


Section 5. System Overview


Note All security features can be subverted through physical access to the
CR3000. If absolute security is a requirement, the CR3000 datalogger must be
kept in a secure location.

5.1.9.1 Vulnerabilities

While "security through obscurity" may have provided sufficient protection in the
past, Campbell Scientific dataloggers increasingly are deployed in sensitive
applications. Devising measures to counter malicious attacks, or innocent
tinkering, requires an understanding of where systems can be compromised and
how to counter the potential threat.

Note Older CR3000 operating systems are more vulnerable to attack than recent
updates. Updates can be obtained free of charge at www.campbellsci.com.

The following bullet points outline vulnerabilities:

CR1000KD Keyboard Display:

• Pressing and holding the "Del" key while powering up a CR3000 will cause it to abort loading a program and provide a 120 second window to begin changing or disabling security codes in the settings editor (not Status table) with the keyboard display.

• Keyboard display security bypass does not allow telecommunications access without first correcting the security code.

Note These features are not operable in CR1000KDs with serial numbers less than 1263. Contact Campbell Scientific for information on upgrading the CR1000KD operating system.

LoggerNet:

• All datalogger functions and data are easily accessed via RS-232 and Ethernet using Campbell Scientific datalogger support software.

• Cora command find-logger-security-code.

Telnet:

• Watch IP traffic in detail. IP traffic can reveal potentially sensitive information such as FTP login usernames and passwords, and server connection details including IP addresses and port numbers.

• Watch serial traffic with other dataloggers and devices. A Modbus-capable power meter is an example.

• View data in the Public and Status tables.

• View the datalogger program, which may contain sensitive intellectual property, security codes, usernames, passwords, connection information, and detailed or revealing code comments.

FTP:

• Send and change datalogger programs.
• Send data that have been written to a file.
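
The Telnet list above notes that the datalogger program itself can expose security codes, usernames, passwords and revealing comments. The following pre-deployment check for that exposure is an added example, not part of the Campbell Scientific manual; the instruction names SetSecurity and FTPClient, their argument order, and the sample program are assumptions or constructed for illustration.

```python
import re

# Assumptions (not from the manual page): CRBasic comments start with an
# apostrophe, strings use double quotes, and credentials sit at these argument
# positions: SetSecurity(code1, code2, code3), FTPClient(ip, user, password, ...).
CREDENTIAL_ARGS = {"setsecurity": (0, 1, 2), "ftpclient": (1, 2)}
CALL = re.compile(r"\b(SetSecurity|FTPClient)\s*\(([^)]*)\)", re.I)
ASSIGN = re.compile(r'\b\w*(?:pass|pwd|user|security)\w*\s*=\s*(?:"[^"]*"|\d+)', re.I)
SENSITIVE = re.compile(r"pass|pwd|security\s*code|user|login", re.I)

def split_comment(line):
    """Split a line into (code, comment) at the first apostrophe outside a string."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i], line[i + 1:]
    return line, ""

def audit(source):
    """Return (line_number, kind) findings; secret values are never echoed back."""
    findings = []
    for n, line in enumerate(source.splitlines(), 1):
        code, comment = split_comment(line)
        call = CALL.search(code)
        if call:
            args = [a.strip() for a in re.findall(r'\s*("[^"]*"|[^,]+)', call.group(2))]
            wanted = CREDENTIAL_ARGS[call.group(1).lower()]
            if any(i < len(args) and re.fullmatch(r'"[^"]*"|\d+', args[i]) for i in wanted):
                findings.append((n, "literal-in-call"))
        if ASSIGN.search(code):
            findings.append((n, "hardcoded-assignment"))
        if SENSITIVE.search(comment):
            findings.append((n, "revealing-comment"))
    return findings

# Constructed sample program, not taken from any real station.
SAMPLE = '''\
'FTP login for the office server is below
Const ModemPass = "constructed-example"
BeginProg
  SetSecurity(1111, 2222, 3333)
  FTPClient("192.0.2.10", "station12", "constructed-example", "USR:d.dat", "d.dat", 2)
EndProg
'''

if __name__ == "__main__":
    print("\n".join(f"line {n}: {kind}" for n, kind in audit(SAMPLE)))
```

Findings report only the line number and category, so the audit output can be shared without repeating the secrets it found.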
