Home Community Idea Exchange LabVIEW Ideas Idea

LabVIEW Idea Exchange

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
josborne

Encryption of VI Server traffic

Submitted by Active Participant on ‎07-15-2021 01:52 PM 1 Comment (1 New)
Status: New

By default, VI Server uses TCP to communicate between applications.  This stream of data is not encrypted and open to hacking and snooping.  

 

My suggestion is allow VI Server traffic to be encrypted, perhaps using SSL/TLS  or an AES algorithm.

 

The reasons are obvious.  There is an increasing number of cyber attacks in industrial control systems.  Many cyber attacks are perpetrated internally, so a firewall or air gap is only so helpful.  And in certain environments (ie military, medical) you can't even consider transmitting data without encryption.  This means VI Server is not an option for many users.

 

I see that LV2020 now supports SSL/TLS in its TCP functions (see here), so the logical next step would be to make use of this in VI Server also.

http://www.medicollector.com
View All (1)
1 Comment
AristosQueue (NI)
NI Employee (retired)
‎07-15-2021 02:51 PM
‎07-15-2021 02:51 PM

VI Server allows for remote execution of potentially arbitrary code. It really is not appropriate for use on an unsecured, open network, even with encryption and other security measures. If you're exposed to an open network, you should be sending more proscribed packets of formatted data, vetting them, and then executing code based on what is received.

 

NI may secure VI Server more than it is today, but the fact that it is unsecure right now is actually appropriate to the domains in which it is appropriate to use it.

 

So, weirdly, I'll add my personal kudos to this idea, but with the caveat that if the idea is never implemented, I don't think it's a poor NI decision. Establishing a secure system means not running VI Server.