"you can secure your system pretty well" - not quite good enough. Since anyone
can search 'default Foxboro passwords' and find the Keys To The Kingdom, there
really isn't any security, just obstacles. Even if you trust every one of your
operators not to go poking around on night shift, if your system is connected
to the outside world in any way (historian tunnel, OPC, RemoteWatch, business
LAN backdoors), you've got an open threat vector and no baked-in security.
Picture a malicious service that installs itself with well-known admin
credentials and starts bumping setpoints.
Re: backdoor hacks and keyboard shortcuts available - here's one I like: if
CTRL+ALT+DEL & Start Menu are disabled, you can still mash CTRL+SHIFT+ESC to
open Task Manager. From there you have Explorer, command prompt, etc.
I understand why the OP is asking if he can change the f/g password on standard
I/A. It was one of the first questions I asked our service guy after I started
working on a Foxboro system.
Just my two bits!
Brahm Neufeld
-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On ;
Behalf Of Kinsinger, Matthew R
Sent: Wednesday, October 19, 2016 2:17 PM
To: foxboro@xxxxxxxxxxxxx
Subject: Re: [foxboro] <EXT>Re: Password change of the Fox and Administrator
users
Did the original poster ever provide his reasoning for WHY he wanted to change
the password (I looked in the archive and didn't see anything)? I think with
all of the other security options available on a standard IA system, you should
not need to change the password. If you setup a box to boot and autologin with
the restrictive option (no start menu, Cntl+Alt+Del disabled, etc) then use
foxview environments and security to control what people access, what other
features/access are you trying to prevent against? Turn off all remote access
except by specially defined remote users you setup and similarly control what
remote environments and access levels they have. I know there are a few other
backdoor hacks and keyboard shortcuts available, but for the most part you can
secure your system pretty well with standard methods and leave the fox password
alone...
Matt Kinsinger
mkinsinger@xxxxxxx
330-472-1454 ppg cell
-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On ;
Behalf Of Richard Peck
Sent: Wednesday, October 19, 2016 4:01 PM
To: foxboro@xxxxxxxxxxxxx
Subject: <EXT>Re: [foxboro] Password change of the Fox and Administrator users
Hi all,
Has anyone tried to change the privaledges for Fox user so it cannot login?
Then set up other accounts and see if that works?
Thanks
Richard
On Thursday, 20 October 2016, Alexander Johnson <
alexander.johnson@xxxxxxxxxxxxxxxxxxxxxx> wrote:
Re: What about the other users? Administrator and IARemote. Is it
possible to change the password for these users?
I've never tried Administrator so I can't answer with certainty. That
said, I believe you can change it because all of the normal software
uses "Fox."
IARemote is a normal Windows user and you can change its password.
Best,
Alex
____________________________________________________________
_________________________
Alex Johnson | Schneider Electric | Invensys | United States | System
Architect, Next Generation Systems
Phone: +1 713 329 8472 | Fax: +1 713 329 1700
Email: alexander.johnson@xxxxxxxxxxxxxxxxxxxxxx <javascript:;> | Site:
www.schneider-electric.com | Address: 10900 Equity Drive, 77041
Houston, TX, United States
*** Confidentiality Notice: This e-mail, including any associated or
attached files, is intended solely for the individual or entity to
which it is addressed. This e-mail is confidential and may well also
be legally privileged. If you have received it in error, you are on
notice of its status. Please notify the sender immediately by reply
e-mail and then delete this message from your system. Please do not
copy it or use it for any purposes, or disclose its contents to any other
person.
______________________________________________________________________
___ This mailing list is neither sponsored nor endorsed by Schneider
Electric (formerly The Foxboro Company). Use the info you obtain here
at your own risks. See the disclaimer at
www.thecassandraproject.org/disclaimer.html
foxboro mailing list: //www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx
<javascript:;>?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx ;<javascript:;>
?subject=leave