Define Whether the Server Only Accepts Secure Connections

To help protect your system from unauthorized use, ClearSCADA 2015 R1 introduced new ‘secure connection’ security measures. These extra security measures are not supported by clients that run earlier versions of ClearSCADA.

To define whether the ClearSCADA server will only accept secure connections from clients:

  1. Display the Server Configuration Tool and log on if required.
  2. Browse to the Security settings for the required system and node (they are in the System Configuration branch).
  3. In the Force Secure Connections section, select or clear the Enabled check box as required. (With new installations, the check box is selected by default.)

    If you have a ClearSCADA server and clients running ClearSCADA 2015 R1 onwards, the added security features are supported by default. You do not need to make any changes. If you have clients running older versions of ClearSCADA, you will need to make a decision:

    • You can force the server to only accept secure connections from clients. If you select the Enabled check box in the Force Secure Connections section, the new security measures are applied to every existing client connected to the server. Clients running older versions of ClearSCADA will be unable to connect.
    • Although we do not recommend it, you can allow the server to accept secure or insecure connections from clients. If you clear the Enabled check box in the Force Secure Connections section, the new security measures are only applied to clients running ClearSCADA 2015 R1 onwards. ViewX clients running earlier versions of ClearSCADA will be able to connect to the server, but as a consequence, your system will also be at risk from unauthorized (and potentially malicious) use.
      NOTICE

      SECURITY RISK

      Clearing the Enabled check box could compromise the security of your system. Unauthorized users could gain access to your system.
      Failure to follow these instructions can result in equipment damage.

    We recommend that you select the Enabled check box and upgrade any ViewX clients running older versions of ClearSCADA. If you upgrade the clients, they will be able to connect to your server without compromising the security of your system.

    If you are unable to upgrade your clients, clearing the Enabled check box may be the only way to allow the clients to connect to the server. In this situation, you should take every possible precaution to protect your network from unauthorized access.

  4. Apply the changes to the server.
  5. With ViewX clients that are running ClearSCADA 2015 R1 onwards, you can define whether those clients make secure connections to the server. We recommend that you configure those clients to make secure connections to the server. If you opted to clear the Enabled check box in the Force Secure Connections section, we recommend that you configure those clients to make secure connections to the server (see Define Whether the ViewX Client Uses a Secure Connection in the ClearSCADA Guide to Client Administration).

If you have a ClearSCADA server and clients running ClearSCADA 2015 R1 or later, the added security features are supported by default.

Further Information

Enable and Manage the Client Access Control List

Setting Up Security for WebX and Original WebX Clients.


Disclaimer

ClearSCADA 2017 R3