CHAPTER 5: SETTINGS PRODUCT SETUPL60 LINE PHASE COMPARISON SYSTEM – INSTRUCTION MANUAL 5-175Figure 5-2: Login screen for CyberSentryWhen the "Server" Authentication Type is selected, the L60 uses the RADIUS server and not its local authenticationdatabase to authenticate the user.When the "Device" button is selected, the L60 uses its local authentication database and not the RADIUS server toauthenticate the user. In this case, it uses built-in roles (Administrator, Engineer, Supervisor, Operator, Observer, orAdministrator and Supervisor when Device Authentication is disabled), as login accounts and the associated passwordsare stored on the L60 device. In this case, access is not user-attributable. In cases where user-attributable access isrequired, especially for auditable processes for compliance reasons, use server authentication (RADIUS) only.No password or security information is displayed in plain text by the EnerVista software or the UR device, nor are they evertransmitted without cryptographic protection.When CyberSentry is enabled, Modbus communications over Ethernet is encrypted, which is not always tolerated bySCADA systems. The UR has a bypass access feature for such situations, which allows unencrypted Modbus over Ethernet.The Bypass Access setting is available on the SETTINGS PRODUCT SETUP SECURITY SUPERVISORY screen. Note thatother protocols (DNP, 101, 103, 104, EGD) are not encrypted, and they are good communications options for SCADAsystems when CyberSentry is enabled.When using the rear RS485 port and CyberSentry, registers can be read with a maximum buffer of 64 bytes. Settings maynot be written, so use another port.CyberSentry settings through EnerVistaCyberSentry security settings are configured under Device > Settings > Product Setup > Security.Only (TCP/UDP) ports and services that are needed for device configuration and for customer enabled features areopen. All the other ports are closed. For example, Modbus is on by default, so its TCP port 502, is open. But ifModbus is disabled, port 502 is closed. This function has been tested and no unused ports have been found open.
