- The Ethernet Link Failure trouble input must be programmed.
- The Trouble Input Area must be armed. Refer to the section Trouble Inputs | Areas and Input Types in the
Operator Reference Manual.
- The Log Modem Events to Event Buffer option must be selected in the backup reporting service.
⦁ Network and Domain Access
Neither the subscriber control unit nor the signal receiving center receiver shall be susceptible to security
breaches in general-purpose operating systems.
Network access policies should be set to restrict unauthorized network access and "spoofing" or "denial of
service" attacks.
⦁ Ethernet Connections
All ethernet network connections shall be installed within the same room as the equipment.
⦁ Encryption
For active communications channel security, encryption shall be enabled at all times.
The ArmorIP-E (UDP) protocol must be used and the Encryption Type must be set to AES-256.
The following options must be enabled for the Report IP service in the Protege system.
- The Reporting Protocol must be set to ArmorIP (UDP) Encrypted. The AES key must be set as specified
by monitoring station.
- Refer to the section Report IP | General in the Operator Reference Manual.
⦁ Server Configuration
Where a server is employed for control over network addressing, encryption or re-transmission, such shall be
designed to remain in the "on state" at all times.
Communicators are not suitable for active communication channel security and medium or high risk
applications unless such can be "online" at all times, have a minimum 128 bit encryption scheme, have
encryption enabled, network and domain security implemented.
Network access policies shall be set to restrict unauthorized network access and "spoofing" or "denial of
service" attacks.
⦁ Internet Service Provider (ISP)
The Internet Service Provider (ISP) providing service shall meet the following requirements:
- redundant servers/systems
- back-up power
- routers with firewalls enabled and
- methods to identify and protect against "Denial of Service" attacks (i.e. via "spoofing")
⦁ Information Technology Equipment, Products or Components of Products
Products or components of products, which perform communications functions only, shall comply with the
requirements applicable to communications equipment as specified in CAN/CSA-C22.2 No. 62368-1,
Audio/video, information and communication technology equipment - Part 1: Safety requirements. Where
network interfaces, such as the following, are internal to the subscriber control unit or receiver, compliance to
CAN/CSA-C22.2 No. 62368-1 is adequate. Such components include, but are not limited to:
- A) Hubs;
- B) Routers;
- C) Network interface devices;
- D) Third-party communications service providers;
- E) Digital subscriber line (DSL) modems; and
- F) Cable modems.
⦁ Backup Power Requirements
Power for network equipment such as hubs, switchers, routers, servers, modems, etc., shall be backed up or
powered by an uninterruptible power supply (UPS), stand-by battery or the control unit, capable of facilitating
24h standby, compliant with Clauses 16.1.2 and 16.4.1 of CAN/ULC-S304.
For communications equipment employed at the protected premises or signal receiving center and intended
to facilitate packet switched communications, as defined in CAN/ULC-S304, 24h back-up power is required.
PRT-CTRL-DIN | Protege GX DIN Rail Integrated System Controller | Installation Manual 56
To Next Page
Loading...
