If Rapid SCADA is used in a corporate environment, restrict access of domain users to the Rapid SCADA installation directory, by default C:\SCADA\. To do this, open the properties of the directory which contains the Rapid SCADA applications, choose the Security tab and configure access rights.
Configure a web server to enable HTTPS protocol for the Webstation application. Using HTTPS, all traffic between a browser and the web server, including passwords, is encrypted.
Use VPN to provide access for external users. If possible, avoid open access to Webstation from outside.
Change the default passwords. Open the project using the Administrator application, enter the new passwords in the Users table, and update the passwords for connecting to Server specified in the application settings. To create strong passwords, use a password generator. If a company uses Active Directory, setting up authentication in Rapid SCADA based on Active Directory enhances system security.