⦁
Server Configuration
Where a server is employed for control over network addressing, encryption or re-transmission, such shall be
designed to remain in the "on state" at all times.
Communicators are not suitable for active communication channel security and medium or high risk
applications unless such can be "online" at all times, have a minimum 128 bit encryption scheme, have
encryption enabled, network and domain security implemented.
Network access policies shall be set to restrict unauthorized network access and "spoofing" or "denial of
service" attacks.
⦁
Internet Service Provider (ISP)
The Internet Service Provider (ISP) providing service shall meet the following requirements:
-
redundant servers/systems
-
back-up power
-
routers with firewalls enabled and
-
methods to identify and protect against "Denial of Service" attacks (i.e. via "spoofing")
⦁
Information Technology Equipment, Products or Components of Products
Products or components of products, which perform communications functions only, shall comply with the
requirements applicable to communications equipment as specified in CAN/CSA-C22.2 No. 62368-1,
Audio/video, information and communication technology equipment - Part 1: Safety requirements. Where
network interfaces, such as the following, are internal to the subscriber control unit or receiver, compliance to
CAN/CSA-C22.2 No. 62368-1 is adequate. Such components include, but are not limited to:
-
A) Hubs;
-
B) Routers;
-
C) Network interface devices;
-
D) Third-party communications service providers;
-
E) Digital subscriber line (DSL) modems; and
-
F) Cable modems.
⦁
Backup Power Requirements
Power for network equipment such as hubs, switchers, routers, servers, modems, etc., shall be backed up or
powered by an uninterruptible power supply (UPS), stand-by battery or the control unit, capable of facilitating
24h standby, compliant with Clauses 16.1.2 and 16.4.1 of CAN/ULC-S304.
For communications equipment employed at the protected premises or signal receiving center and intended
to facilitate packet switched communications, as defined in CAN/ULC-S304, 24h back-up power is required.
⦁
Compromise Attempt Events
ArmorIP detects the reception of any invalid packet on the programmed port as a potential system
compromise attempt
. Each compromise attempt sends a notification to the receiver, and logs a Compromise
Attempt event under the Live Panel Events.
The event is sent with the following details:
-
Account Code
as defined in the Serial Receiver settings
-
Event Code
0x163
-
Group Code
as defined in the Serial Receiver settings
-
Point Code
as defined in the Serial Receiver settings
Refer to the section
Global Settings | Serial Receiver
in the ArmorIP Version 3 Internet Monitoring Application
User Manual.
For UL and ULC installations the Central Station Receiving software must have the Contact ID details as
specified, programmed for the
Compromise Attempt
event.
⦁
Power Supply Mains Power Connection
If a flexible cord is used to connect to line voltage, strain relief must be provided for the cord inside the
enclosure or at the knockout.
The power supply is not intended to be mounted on the exterior of vault, safe, or stockroom.
PRT-HZX16-DIN | Protege Half DIN Rail 16 Input Expander | Installation Manual
28
