Open Automation Software has Released OAS Version 17 with Security Enhancements.
Open Automation Software has been updated to notify users to set up security on the OAS Engine if the default security has not been changed to protect against unauthorized access. OAS version 17 also includes ironclad protection from packet spoofing, faster byte stream compression, updated encryption, and new client-server handshaking for packet validation.
All OAS client interfaces have been updated to include this new transport, including all .NET assemblies, the OAS Configure application, the Excel Connector, and service-to-service communications for Windows and Linux.
To secure older versions of OAS, follow the instructions here: Getting Started – Security
Secure Client Server Handshaking
Each data packet now includes an ironclad transport that cannot be reproduced externally; both the client and the server will reject a packet that is replicated from a sniffed packet. Each packet from client to server is unique and must pass an algorithm verification from the previous transport for validation.
User Credentials Encryption
The data within the byte stream no longer shows the username in visible clear text. An updated encryption method uses a unique seed value for each client connection to encrypt the user credentials.
New Data Packet Encryption
The data within the packet is encrypted with a different method that prevents any data within the packet from being extracted by sniffing the network connection.
The default installation now automatically adds an Admin security group to make it very easy to assign an administrator user. Users are also prompted to disable the Default security group after the administrator user is created. The Security Groups and Users configuration can no longer be accessed with the default credentials after an Admin user is created. Users are now prompted to set up security when connecting to the service. REST API calls for configuration access are no longer permitted under the default security with a blank username and password.
View the Getting Started – Security guide to set up security for all versions of OAS to protect against unauthorized access to configurations, live data, and historical data.