DXM Security Overview
Overview
Most security questions customer IT departments may have can be answered by noting that the Banner DXM Controller does not run on a Windows- or Linux-based operating system. The DXM Controller runs an embedded RTOS control loop with no remote login capability. It has a limited ability to communicate with host systems by design.
The DXM is configured by an XML file created with the DXM Configuration Software. The file can be sent to the controller using authentication to update the DXM Controller functions.
The DXM Controller was designed to consolidate sensor data into register values and present that data to host machines using a push method to a server or using industrial protocols (Modbus RTU, Modbus/TCP, or EtherNet/IP). The communication methods are selected within the XML configuration file.
DXM Controller connection methods include the following:
• USB—Configuration port and console output. The configuration software uses custom API commands for sending configuration data. Data transactions can be controlled by authentication.
• Ethernet – Industrial protocols—The DXM Controller is a slave to the masters of the network. Ethernet protocols include Modbus/TCP and EtherNet/IP.
• Ethernet – HTTP push to server—The DXM Controller creates push packets that can be encrypted using HTTPS. Acknowledgement messages from push packets, which offer limited control, are also encrypted.
• Ethernet – Configuration port and console output—Configuration changes are made using the software, with access controlled by authentication.
• RS485 Modbus RTU master port—Controlled by the DXM for accessing remote Modbus devices. The DXM is the Modbus master and is only programmed to use the Modbus RTU protocol. The configuration of this port is controlled by the configuration software, which can be username/password protected.
• RS485 Modbus RTU slave port—Read/write access to register data.
• RS232 port—Some models support an RS-232 port that is completely controlled using ScriptBasic. Access with this port is limited to what the user programs.
• CAN / J1939—Some models support a CAN/J1939 port that is configured to read/write data based on the user configuration settings. Configuration is controlled using username/password authentication with the configuration software.
• SDI-12—Some models support SDI-12 connections for remote sensors. The DXM manages the SDI-12 bus and the SDI-12 bus is protected using username/password authentication with the configuration software.
• Cellular LTE / GSM—Allows HTTP push packets to a web server and texting capabilities, with appropriate configuration and firewall configuration.
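The Ethernet industrial-protocol interface above exposes the controller as a Modbus/TCP slave, and standard Modbus/TCP frames carry no credentials, so the practical control is deciding which hosts may act as master and watching for writes from anyone else. The following is an added example, not Banner code: a monitoring check that parses observed Modbus/TCP requests and classifies them by source and function code. The allowlisted address, the sample frames, and the function names `parse_request` and `review` are assumptions made for illustration.

```python
import struct

# Function codes that change coils or holding registers.
WRITE_FUNCTIONS = {0x05, 0x06, 0x0F, 0x10, 0x16, 0x17}
# Assumption: the one host expected to act as Modbus master (constructed address).
ALLOWED_MASTERS = {"192.0.2.10"}

def parse_request(adu: bytes) -> dict:
    """Parse one Modbus/TCP request: 7-byte MBAP header, then the PDU."""
    if len(adu) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", adu[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not 0")
    if length != len(adu) - 6:  # length counts the unit id and the PDU
        raise ValueError("MBAP length does not match frame size")
    func = adu[7]
    # 0x17 carries the read range first; its write address starts 4 bytes later.
    off = 12 if func == 0x17 else 8
    known = func in WRITE_FUNCTIONS or 1 <= func <= 4
    address = None
    if known and len(adu) >= off + 2:
        address = struct.unpack(">H", adu[off:off + 2])[0]
    return {"transaction": tid, "unit": unit, "function": func,
            "write": func in WRITE_FUNCTIONS, "address": address}

def review(src_ip: str, adu: bytes) -> str:
    """Classify one observed request by its source and whether it writes."""
    try:
        req = parse_request(adu)
    except ValueError:
        return "malformed"
    if src_ip in ALLOWED_MASTERS:
        return "allow"
    return "alert-write" if req["write"] else "alert-read"

# Constructed sample frames (not captured from a DXM).
READ_HOLDING = bytes.fromhex("00010000000601030000000A")  # FC 3, address 0, 10 registers
WRITE_SINGLE = bytes.fromhex("000200000006010600100001")  # FC 6, address 16, value 1
TRUNCATED = bytes.fromhex("0003000000060106")             # length field says 6, frame has 2

if __name__ == "__main__":
    for ip, frame in [("192.0.2.10", WRITE_SINGLE), ("198.51.100.7", WRITE_SINGLE),
                      ("198.51.100.7", READ_HOLDING), ("198.51.100.7", TRUNCATED)]:
        print(ip, review(ip, frame))
```

The same allowlist belongs in the firewall or switch ACL in front of the controller; the check here only reports what gets past it.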