Dynacord PROMATRIX 9000 Release Notes page 16

Public address and voice alarm system

en | Security precautions
2022-12 | V1.70 |
avoid that the second network socket is accessible. Other PROMATRIX 9000 equipment
should be installed in an area that is accessible only to authorized people to avoid
tampering.

Use an Intrusion Protection System (IPS) with port security where possible to monitor
the network for malicious activity or policy violations.

PROMATRIX 9000 uses secure OMNEO for its network connections. All control and audio
data exchange uses encryption and authentication, but the system controller allows the
configuration of unsecure Dante or AES67 audio connections as an extension of the
system, both as inputs and as outputs. These Dante/AES67 connections are not
authenticated and not encrypted. They pose a security risk, as no precautions are taken
against malicious or accidental attacks through their network interfaces. For highest
security, these Dante/AES67 devices should not be used as part of the PROMATRIX 9000
system. If such inputs or outputs are needed, use unicast connections.

For security reasons, by default the PRA-ES8P2S Ethernet switch is not accessible from
the Internet. When the default (special link-local) IP address is changed to an address
outside the link-local range (169.254.x.x/16), the default (published) password
must also be changed. Even for applications on a closed local network, the password
may still be changed for highest security. Refer to Installation.

To enable SNMP, for example to use the Dynacord Network analysis tool OMN-DOCENT,
use SNMPv3. SNMPv3 provides much better security with authentication and privacy.
Select the authentication level SHA and encryption via AES. To configure the switch
accordingly, refer to Installation.

From PROMATRIX 9000 software version 1.50 onwards, the PRA-ES8P2S switches and
the CISCO IE-5000 series switches report their power fault and network connection
status directly to the PROMATRIX 9000 system controller through SNMP. The switches
can be daisy-chained without an OMNEO device between them for connection
supervision. The PRA-ES8P2S is preconfigured for this purpose from custom firmware
version 1.01.05 onwards.

The system controller web server uses secure HTTPS with SSL and a self-signed
security certificate. When you access the server via HTTPS, you will see a
Secure Connection Failed error or warning dialog indicating that the
certificate was signed by an unknown authority. This is expected; to avoid this
message in the future, create an exception in the browser.

Make sure that new user accounts for system configuration access use sufficiently long
and complex passwords. The user name must have between 5 and 64 characters. The
password must have between 4 and 64 characters.

The PROMATRIX 9000 system controller provides an Open Interface for external control.
Access via this interface requires the same user accounts as for system configuration
access. In addition, the system controller generates a certificate to set up the TLS
(secure) connection between the system controller and the Open Interface client.
Download the certificate and open/install/save the crt-file. Activate the certificate on the
client PC. Refer to System security in the PROMATRIX 9000 configuration manual.

System access to the devices of this system is secured via the OMNEO security user name
and passphrase of the system. The system uses a self-generated user name and long
passphrase. This can be changed in the configuration. The user name must have between
5 and 32 characters and the passphrase must have 8 to 64 characters. To update the
firmware of the devices, the firmware upload tool requires this security user name and
passphrase to get access.
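
For the self-signed web server certificate and the downloaded Open Interface crt-file described above, a client can confirm it is talking to the controller that issued the crt-file by comparing SHA-256 fingerprints before it sends credentials. This is an added example, not code from Dynacord or these release notes; the function names and the host, port and file path parameters are assumptions, and the sample bytes are constructed.

```python
import hashlib
import hmac
import socket
import ssl


def pin_from_crt_bytes(raw: bytes) -> str:
    """SHA-256 fingerprint (hex) of a downloaded crt-file, PEM or DER encoded."""
    data = raw.strip()
    if data.startswith(b"-----BEGIN CERTIFICATE-----"):
        # PEM: remove the armor and base64-decode to the DER certificate.
        der = ssl.PEM_cert_to_DER_cert(data.decode("ascii"))
    else:
        der = raw  # assumption: the file already holds the DER certificate
    return hashlib.sha256(der).hexdigest()


def matches_pin(presented_der: bytes, pin_hex: str) -> bool:
    """True only if the certificate the server presented is the pinned one."""
    presented = hashlib.sha256(presented_der).hexdigest()
    return hmac.compare_digest(presented, pin_hex.lower())


def fetch_presented_cert(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Complete a TLS handshake and return the server certificate as DER."""
    # Chain validation is off because the certificate is self-signed; the
    # caller must run matches_pin() before sending anything to the server.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def controller_matches_crt(host: str, port: int, crt_path: str) -> bool:
    # host, port and crt_path are placeholders supplied by the caller.
    with open(crt_path, "rb") as fh:
        pin = pin_from_crt_bytes(fh.read())
    return matches_pin(fetch_presented_cert(host, port), pin)


if __name__ == "__main__":
    # Constructed bytes standing in for a certificate, so this runs offline.
    sample_der = b"constructed sample, not a real certificate"
    sample_pem = ssl.DER_cert_to_PEM_cert(sample_der).encode("ascii")
    print(matches_pin(sample_der, pin_from_crt_bytes(sample_pem)))
```

A mismatch means the endpoint is presenting a different certificate than the one downloaded from the controller, so the connection should be dropped rather than granted a browser or client exception.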