1. Manuals
  2. Brands
  3. Siemens Manuals
  4. Gateway
  5. NK8237 MP4.81-01
  6. Installation manual

Nk8000 Security - Siemens NK8237 MP4.81-01 Installation Manual

Iec 60870-5-104 gateway for sinteso and cerberus pro fire detection systems
Hide thumbs
Table of Contents

Advertisement

Structure and functions
4
System dimensions and compatibility list

5 NK8000 Security

16
Building Technologies
CPS Fire Safety
To ensure the system security and prevent physical damages and attacks that may
compromise the system integrity and confidentiality, make sure to install NK823x
units according to the following criteria:
NK823x units must be updated to latest Kernel and firmware versions.
NK823x units must be must be installed in locked cabinets (for example, a
control panel housing or the dedicated NE8001 cabinet).
Cabinets must be installed in locked rooms with constant surveillance and
restricted access to authorized personnel only.
Most of the communication protocols used between the NK823x units and the
management station, and between the NK823x units and the subsystems, are
open and unprotected protocols (e.g. BACnet, Modbus TCP, IEC 60870-5-104
etc.). Therefore, the networks where NK823x units are connected to must be
protected from unauthorized data access, use, disclosure, disruption,
modification, and destruction. This concerns all networks that are somehow
vulnerable due to external connections (WAN, Internet), open technologies
(wireless networks), or any other risk of fraudulent access.
To achieve the required level of security, the protective measures must include:
The use of firewalls on the Intranet to filter external traffic and select the
allowed ports.
NOTE: The list of ports used by the management system can be found in
Application & Planning
the
The use of Virtual Private Networks (VPN) or other equivalent solutions to
establish a secure (encrypted) tunnel between the NK823x LAN and the
management station across public or unprotected networks.
In the NK8237 unit download, the secure (default) option must be selected. Do
not use the FTP modes. For more information, refer to section Configuring IP
settings via NW8202 [➙ 43]).
The built-in NK823x firewall and routing capabilities only provide a basic level
of protection for gateway purposes. For this reason, the use of NK823x as
firewall for protecting subsystems, management stations, and customer
networks is not recommended. In installations with a critical infrastructure and
higher security requirements, the use of up-to-date, professional and properly
configured firewalls is highly recommended.
document (A6V10063710).
A6V10854379_a_en
30.11.2017

Advertisement

Table of Contents
loading

Related Manuals for Siemens NK8237 MP4.81-01

Related Content for Siemens NK8237 MP4.81-01

Table of Contents