Enable and Manage the Client Access Control List

The Client Access Control List (CACL) allows you to define a list of client IP addresses that have authorized entry to your Geo SCADA Expert server. You can restrict the clients that are authorized to access the Geo SCADA Expert server using the Client Access Control List (CACL) to define an IP address or IP Range to identify the clients that have access to the database.

The CACL is an additional security feature and distinct from the Access Control List (ACL) that is used to define the permissions for each object within the database, (see Understanding the Access Control List (ACL)).

Authorized access control for Virtual ViewX clients is managed within IIS. This needs to be done by an IIS administrator.

Enable the Client Access Control List

To enable the Client Access Control List and apply it to ViewX clients as well as third-party clients that access the Geo SCADA Expert server use the following procedure:

  1. Display the Server Configuration Tool and log on if required.
  2. Expand the System Configuration branch of the tree-structure.
  3. Select the Security entry and locate the section to display the Client Access Control List section:

    If you have a Geo SCADA Expert server with a variety of clients, you will need to make a decision:

    • If you select the Enabled check box in the Client Access Control List section, you can configure the server to only accept connections from specific clients, the new security measures are applied to all existing and future clients. This may result in some older clients on the network being unable to connect to the Geo SCADA Expert server.
    • Although we do not recommend it, you can allow the server to accept connections from all clients. If you clear the Enabled check box in the Client Access Control List section, all clients on the same network can connect to the server, as a consequence, your system will also be at risk from unauthorized (and potentially malicious) use.
      NOTICE

      SECURITY THREAT

      Clearing the Enabled check box could compromise the security of your system. Unauthorized users could gain access to your system.
      Failure to follow these instructions can result in equipment damage.
  4. When you enable the Client Access Control List you can continue to Add Clients to the Client Access Control List.

    For more information about how to manage the Client Access Control List, see the topics that are listed in the gray footer section at the bottom of this topic. Select the relevant entry to display the topic that you require.


Disclaimer

Geo SCADA Expert 2019