Security Requirements; System Environmental Considerations; Deployments And Maintenance Considerations - Honeywell INNCOM e7w User Manual

INNCOM e7w THERMOSTAT USER GUIDE

Security Requirements

System Environmental Considerations

A firewall is required to isolate the IRAS (INNCOM Room Automation System) for the hotel private net-
work with the Internet. Unprotected Internet connections can expose and damage the IRAS system
and facility components to cyber-attacks from third parties. This may cause the IRAS system to mal-
function and can also be misused for illegal purposes for which the operator may then be held liable.

Deployments and Maintenance Considerations

Always keep server up to date on the latest security patches via regular system update. This
1.
applies not only to workstations or servers running on Windows, Linux, Mac or any devices
that runs as part of information infrastructure or operations workstation.
Always keep the INNCOM-e7w firmware with the latest released firmware to have maximum
2.
protection by built-in security features.
Do not use default passwords for any devices (if exists). This includes, but not limited, to all
3.
server workstations, storage servers, firewall devices, routers, and mobile devices.
Do not use weak passwords for server administrators or operators. Different user role (for ex-
4.
ample administrator, user, guest, etc.) shall have different password, and user should not
share common passwords.
It is recommended to change password in every 3 months.
5.
Keep the EngINN or INNcontrol log for at least 3 months for tracking records.
6.
Document all the security settings in a package after commissioning, include the following:
7.
• Passwords
• Edge router settings, including network parameters.
• Network settings, especially network configurations that provide isolation between the
IRAS/BAS (Building Automation System) network and other networks.
• Firewall settings, such as ports that are allowed through, especially ones that are es-
sential to maintain the designed security protections.
• Physical security controls, such as a locked cabinet or an equipment room that restricts
physical access to the IRAS system, INNCOM and e7w products or Hotel daily operation
system.
In case of wireless communication, malicious wireless devices can easily scan the wireless
8.
channel and inject malicious packets or mass data flow to perform Deny-of-Service attacks.
31-00302-01 8