4 Ways to Make Your Data More Secure

Your data is valuable, and sometimes that value is reduced if unauthorized users have access to it. For this reason, Campbell Scientific data loggers have numerous methods of restricting access to your data. This article is an overview of four available methods for securing your data.

#1 - Security Codes

The most basic access control on the data loggers is the Security Code. The Security Code is similar to a PIN (personal identification number) to unlock your cell phone. The Security Code feature has been available for more than 20 years.

A unique feature of Security Codes is that you may specify codes for three different levels of security. You could give one code to your field technician that only lets the technician view and collect data. For yourself, you could have the highest level code, which allows you to make setting changes, etc.

安全代码设置确实为许多情况提供足够的访问限制。但是，确定的罪犯可以通过强力攻击发现销。

Location of three of the security settings in DevConfig.

#2 - PakBus/TCP Password

As IP connections have become very common with our data loggers, Campbell Scientific has added PakBus/TCP Password as a means of authentication. You use the PakBus/TCP Password as a key with a proprietary authentication method similar to CRAM-MD5.

As the name of the setting implies, this setting only secures PakBus communication over TCP connections. It will not control access over a direct serial connection to your data logger.

虽然Pakbus / TCP身份验证几乎不可能对黑客破解，但Pakbus数据包的内容不加密。理论上，一支专业的黑客队伍可以倾听IP流量，并试图猜测哪些数字是哪些测量。

#3 - TLS

IP连接的另一种可用的安全性是行业标准TLS。TLS是登录您的银行网站时使用的安全性。建立连接需要身份验证，并且数据包的内容被加密。除非您使用“密码”作为密码，否则TLS连接将不会破解。

The use of TLS is controlled by your data logger program, not by settings. If you have usedEmailSend()要么FTPClient(), you may have used TLS without realizing it.

每个单独的IP连接管理TLS。由于处理开销，使用您的数据记录器作为TLS服务器是不切实际的。但是，当数据记录器连接到TLS服务器作为客户端时，性能不会过分影响。

#4 - PakBus Encryption Key

The PakBus Encryption Key is the evolution of the Security Code. It requires all PakBus communication to the data logger to be authenticated and encrypted. The encryption used is AES-128, which is accepted as a very secure standard.

The PakBus Encryption Key secures both direct serial connections and IP connections. With it, you either have full access or no access.

Using Multiple Security Methods

It is possible for you to use these security methods simultaneously. For example, for ultimate security on PakBus connections over IP, you could enable the Security Code, PakBus/TCP Password, and PakBus Encryption Key. That is three layers of security! Just don’t forget your passwords. Not even our engineers could break through that security.

Tip:考虑数据记录器的物理安全性。知识渊博的人可以物理访问数据记录器和CR1000KD来获取对数据记录器的完全访问。

Recommended for You:Read the“How can data be made more secure on a CRBasic PakBus data logger?” FAQ.

Do you have a security story you’d like to share? Post it as a comment below.

Looking Ahead:If you use removable memory cards with your data logger, you can look forward to a future article about theCRBasic Encryption()instruction.