User Manual

Building Technologies
A6V10062437_a_en
CPS Fire Safety 30.09.2016
4 NK8000 Security
To ensure system security and prevent physical damage and attacks that may
compromise system integrity and confidentiality, make sure to install NK823x
units according to the following criteria:

- NK823x units must be updated to the latest kernel and firmware versions.
- NK823x units must be installed in locked cabinets (for example, a
  control panel housing or the dedicated NE8001 cabinet).
- Cabinets must be installed in locked rooms with constant surveillance and
  access restricted to authorized personnel only.
- Most of the communication protocols used between the NK823x units and the
  management station, and between subsystems and the NK823x units, are
  open and unprotected protocols (for example, BACnet, Modbus TCP, IEC
  60870-5-104, and so on). Therefore, the networks to which the NK823x units
  are connected must be protected from unauthorized data access, use,
  disclosure, disruption, modification, and destruction. This concerns all networks
  that are vulnerable in any way due to external connections (WAN, Internet),
  open technologies (wireless networks), or any other risk of fraudulent access.
  To achieve the required level of security, the protective measures must include:
  - The use of firewalls on the Intranet to filter external traffic and select the
    allowed ports.
    NOTE: The list of ports used by the management system can be found in
    the Application and Planning document (A6V10063710).
  - The use of Virtual Private Networks (VPN) or other equivalent solutions to
    establish a secure (encrypted) tunnel between the NK823x LAN and the
    management station across public or unprotected networks.
- In the NK823x unit downloads, the secure (default) option must be selected. Do
  not use the FTP modes.
- The built-in NK823x firewall and routing capabilities provide only a basic level
  of protection for gateway purposes. For this reason, the use of NK823x as a
  firewall for protecting subsystems, management stations, or customer networks
  is not recommended.
- In installations with critical infrastructure and higher security requirements, the
  use of up-to-date, professional, and properly configured firewalls is highly
  recommended.
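
The following check is an added example and is not part of the original manual or the product. It audits a list of observed network flows against the criteria above and flags unprotected protocol traffic that reaches or leaves the NK823x LAN outside a trusted network or VPN, as well as any FTP use. The subnets and sample flows are assumptions made for illustration; the ports are the protocols' well-known defaults, not the list from the Application and Planning document.

```python
import ipaddress

# Default ports of the unprotected protocols the section names, plus FTP
# control (the section says not to use the FTP download modes).
CLEARTEXT = {
    ("udp", 47808): "BACnet/IP",
    ("tcp", 502): "Modbus TCP",
    ("tcp", 2404): "IEC 60870-5-104",
    ("tcp", 21): "FTP",
}

# Assumed addressing, for illustration only.
NK_LAN = ipaddress.ip_network("192.168.10.0/24")    # NK823x LAN
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")      # management station via VPN
TRUSTED = (NK_LAN, VPN_POOL)


def is_trusted(addr):
    return any(addr in net for net in TRUSTED)


def audit(flows):
    """Return (flow, reason) for every flow that breaks the section's rules."""
    findings = []
    for flow in flows:
        src, dst, proto, dport = flow
        name = CLEARTEXT.get((proto.lower(), dport))
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if name is None or not (s in NK_LAN or d in NK_LAN):
            continue  # not a protocol of interest, or NK823x LAN not involved
        if name == "FTP":
            findings.append((flow, "FTP used; select the secure download option"))
        elif not (is_trusted(s) and is_trusted(d)):
            findings.append((flow, name + " crosses an untrusted network"))
    return findings


# Constructed sample flows: (source, destination, protocol, destination port)
SAMPLE_FLOWS = [
    ("10.8.0.5", "192.168.10.20", "udp", 47808),     # BACnet through the VPN: ok
    ("203.0.113.7", "192.168.10.20", "tcp", 502),    # Modbus from outside
    ("192.168.10.30", "192.168.10.20", "tcp", 21),   # FTP download inside LAN
    ("192.168.10.20", "198.51.100.9", "tcp", 2404),  # IEC 104 leaving the LAN
    ("203.0.113.7", "192.168.10.20", "tcp", 443),    # not a listed protocol
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(flow, "->", reason)
```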