Security

In any computer system, the first line of security is hardware security. If a computer resides in an unsecured location, on an unsecured network, or the drives are not protected, the system is at risk.

The second line of security is software security. If the computer does not require adequate user authentication, the system is at risk. User authentication is performed by the operating system (Microsoft Windows) when a user logs on to the network.

CygNet Software provides yet another layer of security. The Access Control Service (ACS) is the CygNet Software security administration service. Its database contains the list of applications and events for which security is required, as well as the list of users and their authorization levels. In terms of security each service is an application. Security can also be applied at the record level in a service. The ACS can provide security for custom applications provided they can communicate with the ACS. It functions in concert with the operating system security (Microsoft Windows) to protect access to your system. See Access Control Service (ACS) for more information.

Microsoft Windows User Account Control (UAC)

User Account Control (UAC) is an operating system security feature that prevents unauthorized changes to your computer and is integrating with CygNet client software. UAC notifies you when a program makes a change to your computer that requires administrator-level permission. CygNet recommends that you enable UAC on CygNet clients to help make your client computers as secure as possible.

UAC should still be disabled on computers running CygNet Host Services (CygNet SCADA service hosts and CygNet Measurement (FMS) service hosts).

See CygNet and User Account Control for more information.

CygNet Security

CygNet security checks permissions for authenticated users (as verified by Microsoft Windows security) to perform tasks in the software. The service that administers security is the Access Control Service (ACS). If the ACS is not running, tasks cannot be performed because authorization cannot be verified.

Each time a user attempts to perform an action that requires a certain security access level for a given application, a message is sent to the ACS to verify the user’s permission level. When the user’s permission level meets or exceeds the required permission level for the event, the ACS grants access via a verification message. When the user permission level is deficient or the event is not found in the ACS, access is denied.

If the ACS becomes non-operational a security "lockout" occurs — events cannot be performed since user permissions cannot be verified. Only two services are unaffected by a security lockout: the Address Resolution Service (ARS) and the Remote Service Manager (RSM). Both of these services can run when the ACS is out of service. The Remote Service Manager may or may not require a password for security events, depending upon the RSM configuration.

To address questions or circumstances beyond the scope of the CygNet Help, Additional CygNet Resources are available.

Training courses specific to CygNet configuration and administration are offered periodically. Contact CygNet Training for more information.

More:

ArrowCygNet and User Account Control

ArrowSecurity Terminology

ArrowSecurity Architecture

ArrowAccess Control Service

ArrowApplications, Events, Permissions

ArrowApplication Override

ArrowPlanning Security

ArrowManaging the ACS

ArrowImplementing Security

ArrowSecurity Reference - Services

ArrowSecurity Reference - Bridge Applications

ArrowSecurity Reference - CygNet Thin Web Client