SP+ Security Features Manual
Introduction
The security features on the sensorProbe+ units allow users to lock down and secure the unit from external threats. Each option will be covered in detail within this manual. Services - enable/disable HTTP and HTTPS, and change their ports ...
Services
You can close or change the ports used to access the unit's web interface, or disable HTTP and enable HTTPS only, which can also be set to be used as default. On the SP+ family, HTTPS supports TLS v1.1 and v1.2. The HTTPS cipher suites are not customizable.
SSL Certificate
SSL certificates are generated for DNS host names and not IP addresses. You should set a host name for the SP+ unit in your local DNS server or DHCP server, and then generate the SSL certificate for that host name.
The .PEM file is the private key + certificate combined. You can copy them to one file using Notepad++ if you have 2 separate files, as shown below (it has to be in Unix Line Format and not Windows):
If you don't upload a certificate but enable HTTPS, a built-in certificate will be used. You'll get a browser warning upon opening the Web UI about an incorrect certificate. This is normal and you should add it as an exception or proceed, depending on your browser:
SNMPv3
SNMPv3 provides important security features:
* Confidentiality - Encryption of packets to prevent snooping by an unauthorized source.
* Integrity - Message integrity to ensure that a packet has not been tampered with in transit.
* Authentication - to verify that the message is from a valid source.
Password Checking and Security
You can turn on the password checking for the Web UI to ensure only authenticated users have access to the unit. You can also specify to show all user names on the login page, or keep them confidential.
Password Security options
All user account types (Admin, User, Viewer) have adjustable password expiration and lockdown periods. The password can be up to 15 characters (a-z, A-Z, 0-9 and special characters). The IP address of the remote user's computer will be logged in the syslog so you can trace back each login session to its origin.
Lockdown
The accounts can be set to lock down after 3 invalid login attempts, to prevent brute-force hacking attempts. You can specify how long it takes before the account automatically unlocks itself. Note that for the Admin user, you can't select "indefinitely" as this would prevent you from logging in to the Web UI if it has locked itself.
Password Expiration
You can set passwords to expire every 15 to 90 days for all account types. Note that currently there's no option to set "no expiration". You'll get a notification upon login when the password has expired, and will be asked to change it. It's advised to change it when asked, but you can still proceed without changing.
Access Control Users and Groups
The Access Control Users and Groups are managed from the AKCess Pro Server and are used for accessing doors with the Swing Handle Lock. You can only view the existing users and groups from the unit's Web UI and modify only a few parameters on them.
Server Integration
You can enable/disable controlling the unit via AKCess Pro Server. If the unit has been added to the APS console, the server's IP address will also be displayed here. You can change the APS port when the server's port changes, and the keep-alive period (heartbeat sync to APS).
VPN to APS
This feature connects the SP+ to the APS VPN server securely through a private link. It requires a separate license. After the license has been activated, you first have to set up the APS VPN server, then you'll need to fill out the same options here to be able to use the VPN connection.
Troubleshooting - How to generate a proper .PEM file from a Windows CA
First make the .PFX file export using the steps below:
(taken from https://www.sslsupportdesk.com/export-ssl-certificate-private-key-pfx-using-mmc-windows/)
To back up, export an SSL certificate with its private key and intermediates by performing the following steps:
Step 1: Create an MMC Snap-in for Managing Certificates on the first Windows system where the SSL certificate is installed.
2. Go into the Console Tab > File > Add/Remove Snap-in.
3. Click on Add > Click on Certificates and click on Add.
4. Choose Computer Account > Next.
5. Choose Local Computer > Finish.
6. Close the Add Standalone Snap-in window.
7. Click on OK at the Add/Remove Snap-in window.
Step 2: Export/Backup certificate to .pfx file:
1. In MMC, double click on Certificates (Local Computer) in the center window.
2. Double click on the Personal folder, and then on Certificates.
3. Right click on the certificate you would like to back up and choose > ALL TASKS > Export
4.
5. Choose "Yes, export the private key"
6. Choose "Include all certificates in certificate path if possible." (do NOT select the delete Private Key option)
7. Enter a password you will remember.
8. Choose to save the file in a set location.
9. Click Finish.
10. You will receive a message > "The export was successful." > Click OK. The .pfx file backup is now saved in the location you selected and is ready to be moved or stored for safekeeping.
After this you can do the .PEM conversion in 2 ways, using OpenSSL (recommended) or the DigiCert utility.
1. Use OpenSSL with proper parameters:
http://www.thawte.nl/en/support/manuals/microsoft/all+windows+servers/export+private+key+or+certificate/
Export the private key file from the pfx file:
    openssl pkcs12 -in filename.pfx -nocerts -out key.pem
Export the certificate file from the pfx file:
    openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
Remove the passphrase from the private key:...
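Added example, not part of the AKCP manual: a shell script that joins the key.pem and cert.pem produced by the OpenSSL commands above into the single combined .PEM described in the SSL Certificate section, and checks the result for the two problems the manual mentions, Windows line endings and a key that still has its passphrase. The function names, the output name unit.pem and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function and file names are illustrative, not AKCP's.

# check_pem FILE: report the first problem found; exit status 0 means usable.
check_pem() {
    cr=$(printf '\r')
    if grep -q "$cr" "$1"; then
        echo "CRLF line endings (file must use Unix LF)"; return 1
    fi
    if grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$1"; then
        echo "private key still has a passphrase"; return 2
    fi
    if ! grep -q -E -e '^-----BEGIN ((RSA|EC) )?PRIVATE KEY-----$' "$1"; then
        echo "no private key block"; return 3
    fi
    if ! grep -q -e '^-----BEGIN CERTIFICATE-----$' "$1"; then
        echo "no certificate block"; return 4
    fi
    echo "ok"
}

# build_pem KEY CERT OUT: key first, then certificate, in one LF-only file.
build_pem() {
    # tr drops carriage returns; sed keeps only the PEM blocks, discarding
    # the "Bag Attributes" text that openssl pkcs12 writes around them.
    # umask 077 keeps the output (it holds the private key) owner-only.
    ( umask 077
      cat "$1" "$2" | tr -d '\r' | sed -n '/^-----BEGIN /,/^-----END /p' > "$3" )
    check_pem "$3"
}

# Constructed sample input: dummy base64 bodies, CRLF endings as saved on Windows.
demo_dir=$(mktemp -d)
printf 'Bag Attributes\r\n-----BEGIN PRIVATE KEY-----\r\nQUJD\r\n-----END PRIVATE KEY-----\r\n' > "$demo_dir/key.pem"
printf 'subject=CN = sp-unit.example.internal\r\n-----BEGIN CERTIFICATE-----\r\nREVG\r\n-----END CERTIFICATE-----\r\n' > "$demo_dir/cert.pem"
check_pem "$demo_dir/key.pem" || true   # the raw Windows-format file is rejected
build_pem "$demo_dir/key.pem" "$demo_dir/cert.pem" "$demo_dir/unit.pem"
rm -rf "$demo_dir"
```

The checks are structural only; they do not confirm that the private key actually belongs to the certificate.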
Please contact support@akcp.com if you have any further technical questions or problems.
Thanks for Choosing AKCess Pro!