Home Community Discussion Forums Most Active Software Boards LabVIEW Topic

LabVIEW

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

cRIO-9068 Programmatically Close Ports

cRIO-9068 Programmatically Close Ports

‎02-27-2016 05:47 PM

I have developed software for power conversion equipment on the cRIO-9068. As this equipment is now getting installed at utilites I think it will come under greater cyber-security scrutiny.

 

Being very new to this. I downloaded a port scanner and scanned my internal IPs. One of which is a cRIO-9068.

 

It discovered open ports related to the embedded silverlight web server. I am curious if it is possible to to turn these ports / services / servers off from within the cRIO application.

2016-02-27 18_21_05-Zenmap.png

 

There may well be others.

Shared variables - not required for my app, but likely used by MAX which gets occasional use. And also Distributed System Manager.

WebDAV Server - not required for normal operation, but used to put XML files on the target.

RAD Utility - I imagine the RAD utility uses a few ports not found.

 

 

I  would like to use my HMI (Windows based industrial HMI) which the cRIO polls as a ModbusTCP master to enable and disable as many of these ports/ services as possible. I googled a few obvious inquiries but did not find much useful. I also used the quick drop to search for web and http function blocks to use in the block diagram.

 

But nothing seemed obvious.

 

Any help appreciated.

 

 

 

 

0 Kudos
Message 1 of 2
(3,217 Views)
Reply

Re: cRIO-9068 Programmatically Close Ports

‎02-29-2016 04:21 AM - last edited on ‎08-12-2024 06:41 PM by Member

1) Uninstall the relevant components from the Add/Remove Software on the cRIO - things like 'NI System Configuration Remote Support', 'Hardware Configuration Remote Support', 'NI Web-based Configuration and Monitoring' (I think this one is probably the main component,,,the others are probably the plugin modules), 'Network Configuration Web Support' etc. The services on Port 80/443 are most likely the 'NI Application Web Server'. The FTP, WebDAV server, Shared Variables etc. are also components you can remove. If they aren't installed, they can't pose a security risk.

2) I believe there are some options on the cRIO itself to disable/enable some components which are run/launched at boot time - this would probably (at the very least) require editing one of the config files on the cRIO and then require a reboot (but it may be possible to use system exec to launch them) - unfortunately that's the extent of my knowledge on this - there is an article somewhere on the NI website about speeding the cRIO boot-time but I'm not sure how much of that is applicable to the newer Linux RT RIOs.

3) Of course - a suitably configured firewall (perhaps with VPN for debugging/remote access) is always a sensible idea and should almost definitely be used in conjunction with the above.

 

You should also have a read of this whitepaper (and part 2) which discusses best practices for securing RIOs. I'm sure if you talk to your local NI office, they may be able to give you some further pointers/advice on securing cRIO systems.

LabVIEW Champion, CLA, CLED, CTD
(blog)
0 Kudos
Message 2 of 2
(3,165 Views)
Reply