Data in Transit
Within Industrial HiVision:
GUI – Kernel: Corba over SSL (encrypted)
Kernel – Kernel: Corba over SSL (encrypted)
Communication between kernel and UI uses the same method as HTTPS
Industrial HiVision – Devices (dependent on the device / the configuration of the device):
Unencrypted:
SNMP V1, HTTP, Telnet, HiDiscoveryV1,, EtherNet/IP
Encrypted:
SNMP V3, HTTPS, SSH
Data at Rest
Most data is stored unencrypted in the Industrial HiVision database
All passwords and community strings (SNMP V1) are encrypted in the database
Keys are 64 bits long (for the passwords).
Some data is stored unencrypted in files, for example the IP address of the server to which the GUI is connected
Industrial HiVision User Management: stored in an unencrypted file, passwords saved as a hash
Authentication and Management of Security Services
User Management in Industrial HiVision: configurable:
None
LDAP (secure or unsecure)
RADIUS (unsecure)
Local (Industrial HiVision User Management)
Password to protect Edit Mode (optional and configurable)
Protocol Security
SNMP V3: depending on the settings: MD5, SHA / DES, AES128
All passwords and community strings in the database: DES
Communication via SNMP can use keys up to 256 bits (AES256C), if the devices support it.
Keys for HTTPS are between 1024 and 2048 bits