48
PRT-CTRL-SE
Protege SE Integrated System Controller
Installation Manual | June 2017
Encryption
For active communications channel security, encryption shall be enabled at all times.
The ArmorIP-E (UDP) protocol must be used and the Encryption Type must be set to AES-256.
The following options must be enabled for the the Report IP service in the Protege System.
The Reporting Protocol must be set to ArmorIP (UDP) Encrypted. The AES key must be set as
specified by monitoring station.
Refer to the section
Report IP Service
in the Protege System Controller Reference Manual
(227-4045-500).
Server Configuration
Where a server is employed for control over network addressing, encryption or re-transmission, such shall
be designed to remain in the “on state” at all times.
Communicators are not suitable for active communication channel security and medium or high risk
applications unless such can be "on line" at all times, have a minimum 128 bit encryption scheme, have
encryption enabled, network and domain security implemented.
Network access policies shall be set to restrict unauthorized network access and "spoofing" or "denial of
service" attacks.
Internet Service Provider (ISP)
The Internet Service Provider (ISP) providing service shall meet the following requirements:
redundant servers/systems
back-up power
routers with firewalls enabled and
methods to identify and protect against "Denial of Service" attacks (i.e. via "spoofing")
Information Technology Equipment, Products or Components of Products
Products or components of products, which perform communications functions only, shall comply with the
requirements applicable to communications equipment as specified in CAN/CSA-C22.2 No. 60950-1,
Information Technology Equipment Safety - Part 1: General Requirements. Where network interfaces, such
as the following, are internal to the subscriber control unit or receiver, compliance to CAN/CSA-C22.2 No.
60950-1 is adequate. Such components include, but are not limited to:
A) Hubs;
B) Routers;
C) Network interface devices;
D) Third party communications service providers;
E) Digital subscriber line (DSL) modems; and
F) Cable modems.
BELL / SIREN
Bell / Siren for 30 min standby requirements shall comply with CAN/ULC-S303.
Backup Power Requirements
Power for network equipment such as hubs, switchers, routers, servers, modems, etc., shall be backed up
or powered by an un-interruptable power supply (UPS), stand-by battery or the control unit, capable of
facilitating 24 h standby, compliant with Clauses 16.1.2 and 16.4.1 of CAN/ULC-S304-06.
For communications equipment employed at the protected premises or signal receiving centre and intended
to facilitate packet switched communications, as defined in CAN/ULC-S304, 24 h back-up power is
required.
Compromise Attempt Events
ArmorIP automatically detects the reception of any invalid packet on the programmed port as a potential
system compromise attempt. Each compromise attempt sends a notification to the receiver, and logs a
Compromise Attempt event in the Events Tab.
The event is sent with the following details:
Account Code as defined in the Account settings on the Ademco 685 tab of the Preferences Menu
Event Code 0x163
Group Code as defined in the Details settings on the Ademco 685 tab of the Preferences Menu
Point Code as defined in the Details settings on the Ademco 685 tab of the Preferences Menu