User Instructions
9
user attempting to log in using a valid password from a host that is not
in the designated set of hosts would be denied access to the system (with
an appropriate reason given). There shall be a means to indicate that
access from any host is allowed.
Authorization shall be supported by access control lists. It shall be
possible to assign permissions on a user by user, utility by utility (for
external data distribution) and application by application basis. Thus, a
user might be allowed full access to the interactive meter reader, but no
access to the network configuration manager. All ENICS applications
shall consult the access control list before performing any operation that
might be forbidden by the access control list. Applications/applets
should provide a visual indication of forbidden operations (e.g., grayed
out controls) if a set of operations is not allowed for a user.
Confidentiality shall be supported through encryption of any
communication between ENICS servers (for external data distribution) or
between ENICS servers and applications/applets that involves
confidential data. If private key exchange is required (e.g., to use a DES
algorithm), then the private keys shall be encrypted when they are
exchanged (e.g., with a public key encryption technique).
Auditing shall be supported by the logging facility. All attempts to
access (i.e., log into) the system by a user or by an external agent shall
be logged, whether they are successful or not. As much data as possible
should be captured, particularly for unsuccessful logins, including the
login name and the machine name from which the login attempt is made.
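A minimal model of the login, authorization and auditing requirements above (host-restricted login that returns a denial reason, a marker for "any host", a per-application access control list that applications consult before an operation, and an audit entry for every attempt with login name and host). This is an added example, not ENICS code; the user names, host names, application names and the `*` "any host" marker are constructed placeholders.

```python
import hashlib
import hmac
from dataclasses import dataclass

ANY_HOST = "*"   # assumed convention: marks that access from any host is allowed

def pw_hash(password: str, salt: str = "enics-demo-salt") -> str:
    """Salted hash so the directory never holds a cleartext password (demo salt)."""
    return hashlib.sha256((salt + password).encode()).hexdigest()

@dataclass
class UserRecord:
    pw_hash: str          # only the hash is stored
    allowed_hosts: set    # host names the user may log in from, or {ANY_HOST}
    permissions: dict     # application name -> set of permitted operations (the ACL)

# Constructed sample directory; every name here is a placeholder.
USERS = {
    "alice": UserRecord(pw_hash("correct-horse"), {"ops-ws1"},
                        {"meter_reader": {"read", "write"}}),
    "bob": UserRecord(pw_hash("battery-staple"), {ANY_HOST},
                      {"meter_reader": {"read"}}),
}

AUDIT_LOG = []   # stands in for the system logging facility

def audit(login_name: str, host: str, success: bool, reason: str) -> None:
    """Record every login attempt, successful or not, with login name and host."""
    AUDIT_LOG.append({"login": login_name, "host": host,
                      "success": success, "reason": reason})

def login(login_name: str, password: str, host: str) -> tuple:
    """Return (ok, reason); every denial carries an explicit reason."""
    user = USERS.get(login_name)
    if user is None or not hmac.compare_digest(user.pw_hash, pw_hash(password)):
        audit(login_name, host, False, "invalid login name or password")
        return False, "invalid login name or password"
    if ANY_HOST not in user.allowed_hosts and host not in user.allowed_hosts:
        reason = f"access for {login_name} is not permitted from host {host}"
        audit(login_name, host, False, reason)
        return False, reason
    audit(login_name, host, True, "ok")
    return True, "ok"

def is_allowed(login_name: str, application: str, operation: str) -> bool:
    """ACL check an application makes before any operation that might be forbidden;
    a UI can use the same answer to gray out the corresponding control."""
    user = USERS.get(login_name)
    return user is not None and operation in user.permissions.get(application, set())
```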
3.7.1 Firewalls
It is anticipated that an ENICS system will typically operate behind
a firewall. The firewall is set up to deny access to unauthorized users
contacting the system from outside the local network (e.g., through the
Internet). ENICS applications, applets and servers are neither required
nor encouraged to defeat firewall security using HTTP tunneling or other
techniques. This implies that it will be necessary for ENICS system
administrators to explicitly allow firewall access to outside users on
specified ports. It shall be possible for an ENICS system administrator to
configure the port number(s) used to contact ENICS servers. This does
not imply that such configuration necessarily must be done on a server
by server basis.
3.7.2 Attack methods
The following potential attacks should be considered in the design
of the ENICS software:
• Monitoring. A cracker could monitor the data stream in an
attempt to find authorized user names and passwords. A utility
competitor could attempt to monitor the stream of meter reads
to determine which customers could be “cherry picked”.