Borealis Security FAQs

Borealis Security FAQs

Frequently Asked Borealis Security Questions 


What security software is enabled/pre-installed on the hub?
A Firewall is installed and enabled on the hub.

·       What is the transport security for a Borealis system? 
Borealis Cloud is fully deployed under an Amazon VPC (Virtual Private Cloud) with multiple subnets. Reference: https://aws.amazon.com/vpc/. For transport we use an SSL certificate.

·       How can the Borealis Security Certificate be viewed? 
On a web browser, go to the Borealis URL (https://keri.aetheros.net>> Click the small lock icon to the left of the address field >> Click Connection is Secure >> Click the small certificate icon. The certificate details will then appear.

·       Does the system operator have single or two-factor authentication?
By default, single-factor authentication is enabled for a Borealis operator – but two-factor authentication can be enabled once the user is logged-in. Two-factor authentication is via password and Email.

·       How long does the user authentication token last? 
The access token lasts for 20 minutes and the refresh token is 14 days.

·       What authentication is there between a remote workstation, the hub and the Cloud? 
The authentication between a workstation and the Cloud is by using the Authorization Code Flow and the authentication between a hub and the Cloud is by using machine-to-machine authentication.

What communication port numbers would need to be added to a corporate firewall? 
From browser to Cloud Borealis uses TCP/IP port 443 for HTTPS. TCP/IP port 443 is also used from the hub to the Cloud. Aside of the regular flow, the hubs have Zoho Assist for remote technical support sessions which uses TCP/IP port 443.

In addition, hubs also use the following ports for controller communication and scanning.
  1. NXT-MSC hub uses TCP/IP port 3001 (default port number) for communicating and UDP port 5353 when scanning for MSC controllers.
  2. True Mercury controllers (EP and LP series) also use TCP/IP port 3001 (default port number) for communicating and UDP port 5353 when scanning.
  3. An NXT hub uses TCP/IP port 10050 for communicating and the following UDP ports for scanning for controllers: 11434, 11435, 11067 and 11068.
  4. A PXL hub uses remote TCP/IP port 10001 (default port) and server-side TCP/IP port 11021 (default port) for communication and scanning.

Are there any open inbound ports required on the customer network for the Borealis Hub?
No - the Borealis hub does not allow any inbound connections. All communication with the Borealis Cloud is initiated outbound by the hub using HTTPS over TCP port 443. Even real-time commands sent from the Cloud are delivered over a persistent SignalR connection that is established by the hub during startup. This ensures a more secure posture, as there is no requirement to open inbound firewall rules.

·       
How can I find the hub’s MAC address (if the IT department are restricting access to the router by MAC address)?
The hub’s MAC address can be found printed on the outside of the hub. It can also be found via the main menu >> Hubs - this will display the Hubs screen and the hub's MAC address will be shown.



How are the hubs updated?
The Borealis system hubs are updated using an internally built service called the ‘Updater Service’.


Borealis Network Schematic and Communication Ports




    • Related Articles

    • Borealis FAQs

      1.0 Borealis General Questions What is Borealis? Borealis is Keri Systems’ cloud-based access control system. Borealis gives you complete visibility and control of your system from any computer, tablet or mobile device that has a web browser and an ...

    • Borealis Troubleshooting Guide

      1.0 Borealis System Troubleshooting Cannot view the System - This is most likely caused by the registered account not being added as a system operator. Once an e-mail has been registered and verified, that e-mail address should then be added as a new ...

    • Borealis Overview

      1.0 Introduction The new Borealis Cloud user interface is a completely new and re-designed front end for Borealis. It is extremely easy to learn and operate and allows you to quickly and easily find all your access control data - all in one place. ...

    • Update Operator Security Question

      The following steps explain how to change the security question that is associated with your Borealis account. The security question and answer is used if you have lost your log in password and therefore wish to reset the password. From the Borealis ...

    • Borealis Data Sheet

      Borealis Data Sheet (attached) Note: The attached data sheet also contains the hub specifications and technical details.