Dahua DHI-ASA3223A-W - User Manual

This document provides a comprehensive guide for the Face Recognition Time & Attendance device, covering its installation, configuration, and operational aspects. It emphasizes safety, proper usage, and cybersecurity recommendations to ensure optimal performance and data protection.

Function Description

The Face Recognition Time & Attendance device is designed for efficient and secure time and attendance management, leveraging advanced face recognition technology. It serves as a robust solution for tracking employee work hours, managing access, and enhancing overall security within various environments. Beyond face recognition, the device also supports fingerprint and card-based authentication, offering flexibility in user identification methods. This multi-modal authentication capability ensures that organizations can choose the most suitable and convenient method for their specific needs, or combine them for enhanced security. The device is capable of storing user information, including names, user IDs, face images, fingerprints, and card numbers, facilitating comprehensive user management. It can be initialized for first-time use, allowing administrators to set up a secure password and email address for the admin account, which is crucial for maintaining system integrity. The system also supports the addition of new users, enabling the configuration of individual user parameters such as user ID, name, face, password, user level, valid date, department, and shift mode. This detailed user management ensures that each individual's access and attendance are precisely controlled and recorded. Furthermore, the device integrates with a web interface, allowing for remote configuration and updates, which streamlines management tasks and provides greater operational flexibility. This web-based access means that administrators can manage the device from any networked computer, making it easier to monitor and adjust settings as needed. The device's primary function is to accurately record time and attendance data, which can then be used for payroll processing, compliance reporting, and workforce management. Its ability to trigger alarms for duress fingerprints or cards adds an extra layer of security, alerting personnel to potential threats or unauthorized access attempts.

Usage Features

The Time & Attendance device is designed for user-friendly operation and versatile deployment. Its installation requirements are clearly outlined, recommending an optimal height of 1.4 meters from the lens to the ground to ensure accurate face recognition. Ambient illumination is a critical factor, with recommendations for light levels at 0.5 meters from the device to be no less than 100 lux. To prevent performance issues, it is advised to install the device indoors, at least 3 meters away from windows and doors, and 2 meters away from direct light sources, avoiding backlight, direct sunlight, close light, and oblique light. This careful placement ensures consistent and reliable recognition performance. The device offers multiple installation methods, including wall mount, 86 box mount, and table mount, catering to different environmental and aesthetic needs. The wall mount involves drilling holes and fixing an installation bracket, while the 86 box mount utilizes an existing electrical box for a cleaner integration. The table mount provides a portable option, allowing the device to be placed on a desk or counter. These flexible installation options make the device adaptable to various office layouts and security checkpoints. For user registration, the device provides clear instructions for fingerprint and face registration. When registering fingerprints, users are advised to ensure their fingers and the scanner surface are clean and dry, and to press their finger on the center of the scanner. Forefingers, middle fingers, and ring fingers are recommended for better registration accuracy. For face registration, users must ensure their face is centered in the capture frame, avoiding glasses, hats, heavy beards, or facial expressions that might obstruct recognition. The device automatically captures the face image, and users can re-register if the initial capture is unsatisfactory. Proper face position and distance from the camera are crucial for optimal recognition, with guidelines provided to avoid issues such as being too close, too far, too short, or too tall in relation to the camera. The device's web interface allows administrators to log in using a secure username and password, enabling remote configuration and updates. The system emphasizes strong password policies, requiring passwords to be 8 to 32 non-blank characters, including at least two types of characters (upper case, lower case, numbers, and special characters), and avoiding easily guessable patterns. This focus on secure access ensures that the device's settings and data remain protected.

Maintenance Features

Maintaining the Face Recognition Time & Attendance device involves several key practices to ensure its longevity, security, and optimal performance. Regular software and firmware updates are crucial. The manual strongly recommends keeping the device's firmware up-to-date to benefit from the latest security patches and bug fixes. For devices connected to a public network, enabling an "auto-check for updates" function is advised to receive timely notifications from the manufacturer. Similarly, using the latest version of client software is recommended for compatibility and enhanced functionality. Physical protection of the device and its storage components is another important aspect. Placing the equipment in a secure computer room or cabinet and implementing robust access control measures can prevent unauthorized physical contact, hardware damage, or tampering. This includes safeguarding against unauthorized connections of removable equipment like USB flash drives or serial ports. Cybersecurity is a significant focus, with detailed recommendations provided to enhance the device's network security. This includes using strong, complex passwords that are changed regularly to minimize the risk of unauthorized access. The device supports a password reset function, and users are encouraged to set up related information, such as an email address and security questions, to facilitate recovery if the password is forgotten. The account lock feature, enabled by default, helps prevent brute-force attacks by locking accounts and source IP addresses after multiple failed login attempts. Changing default HTTP and other service ports to non-standard numbers (between 1024-65535) can reduce the risk of outsiders guessing which ports are in use. Enabling HTTPS is recommended for secure web service communication, ensuring that data transmitted over the network is encrypted. MAC address binding further enhances security by linking the device's IP and MAC address to the gateway, mitigating ARP spoofing risks. Assigning accounts and privileges reasonably, based on business and management requirements, ensures that users only have the necessary permissions, adhering to the principle of least privilege. Disabling unnecessary services like SNMP, SMTP, or UPnP, if not required, can reduce potential vulnerabilities. When services are necessary, using secure modes (e.g., SNMP v3 with strong encryption, TLS for SMTP, SFTP for FTP, WPA2-PSK for AP hotspot) is advised. For sensitive audio and video data, enabling encrypted transmission is recommended, despite a potential slight loss in transmission efficiency. Secure auditing features, such as checking online users and equipment logs, allow administrators to monitor for unauthorized logins and key operations, providing valuable insights into system activity. Implementing network logging to synchronize critical logs to a network log server ensures that historical data is retained for tracing, especially given the device's limited internal storage capacity. Finally, constructing a safe network environment involves disabling router port mapping, partitioning and isolating networks using VLANs or network GAPs, establishing 802.1x access authentication, and enabling IP/MAC address filtering to restrict access to authorized hosts. These comprehensive maintenance and security practices ensure the device operates reliably and securely over time.