SMARTVFD SECURITY GUIDE
31-00140—01
2
strongly that you consider reliable power for the
SmartVFD control system. System reliability is an
important security issue and following these requirements
and recommendations allows continuous monitoring and
ensures HVAC control system reliability.
IT Network
Typically a static IP address is used for accessing the
BACnet/IP to MS/TP router. Refer to your user manual to
access the configuration menu in the MS/TP router.
See additional notes in “APPENDIX 1 - IT NETWORK
NOTES” on page 3.
See additional notes in “APPENDIX 4 - SMARTVFD PC
SECURITY INFORMATION” on page 4 for Installation
Security Issues.
Lon/ BACnet/Modbus/N2
Communications Bus
It is required that physical security access to SMARTVFD
communications bus wiring be accomplished by:
1.
Installing wiring in physically inaccessible locations
that restricts physical access to the Lon or BACnet
communications bus.
Or
2.
Installing wire in conduit.
This required physical security access protection is
important to prevent security threats to the control
system. Failure to protect the Communication bus can
lead to critical security issues. For example, data loss or
corruption could result due to not following the required
protection for the Lon or BACnet communication bus.
See “APPENDIX 2 - INSTALLATION BEST PRACTICES” on
page 3.
Secure and Unique Passwords
User-level parameter access to the SmartVFD via the
keypad can be restricted to monitoring only through the
use of an access code settable on the keypad, parameter
P8.1 and P8.2.
Access to the SmartVFD directly by PC via the Drive Care
Tool software (and the HVFDCDMCA hardware kit)
requires no password.
Any PC application accessing the SmartVFD via the BMS
or router should be protected with a robust password.
See “APPENDIX 3 - SECURITY MAINTENANCE TASKS” on
page 3.
PCs used to access the SmartVFD
Each PC used for accessing the SmartVFD either via the
HVFDCDMCA kit and Drive Care Tool or remotely via a
communication bus or ethernet must be protected as a
secure platform. Maintaining a secure client platform will
involve OS updates, anti-virus software, and protection of
local ports from attacks including spam, phishing, and
physical compromise.
See “APPENDIX 4 - SMARTVFD PC SECURITY
INFORMATION” on page 4 for Installation security issues.
See “APPENDIX 5 - FIREWALL AND NETWORK
INTRUSION ISSUES” on page 6 for PC security
information.
See “APPENDIX 6 - HARDENING AND COMPUTER
ISSUES” on page 7.
MAINTENANCE
This sections contains information for maintaining the
SMARTVFD system.
Make sure SmartVFD clients (PCs) are running up to date
virus software and comply with Corporate PC security
standards.
The Gateway is associated with the building during
commissioning and should be inspected periodically for
connection. If there is no connection, the connection
issues should be resolved in a timely manner.
DECOMMISSIONING
This section contains information for maintaining the
SmartVFD system.
There is no specific process for decommissioning the
SmartVFD. Simply shutting it off or physically removing
the wiring to the device will remove the SmartVFD from the
system.