Doors.NET - Network and Data Security and Encryption
1.0 Introduction
This document explains the security measures in place in Doors.NET to minimize the possibility of data being intercepted or of an unauthorised intrusion on the network. The Doors.NET™ system encrypts the data between the Application Server and the Gateways/Clients and also between the Gateway and the controllers. It is important to note that these are independent of each other and can use different encryption algorithms and bit strengths.
Encryption capabilities are implemented in two areas: network socket communications between the Application Server and all incoming connections, and the Gateway communications to each controller connected to that Gateway.
2.0 Data Encryption
- The Doors.NET™ system uses 128-bit AES encryption to protect the data between the Application Server and the Gateways/Clients. AES-128 indicates the use of a 128-bit key and is the algorithm/bit strength supported between the controller and the Gateway.
- The Gateway communications to each controller connected to that Gateway are also encrypted.
- The Gateway can also be configured to require TLS and optional TLS certificate verification.
- Network socket communications are encrypted between the Application Server and all incoming connections, and the Application Server is the only component that connects to the database.
- When using the most recent versions of Doors.NET, all passwords (not just admin) are stored using a one-way hash algorithm that is unique to that system. There is no way to determine a password in the database.
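One way a system-unique, one-way password store can be built, as an added example that is not Doors.NET's own code. The page does not name the algorithm, so PBKDF2-HMAC-SHA256, the iteration count, the salt size and the per-installation secret are all assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this sketch; the page does not state Doors.NET's values.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def new_system_secret() -> bytes:
    """Random value generated once per installation (hypothetical 'system-unique' input)."""
    return os.urandom(32)


def hash_password(password: str, system_secret: bytes,
                  salt: Optional[bytes] = None) -> bytes:
    """Return salt || derived key. Only this record is stored, never the password."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    # Key the password with the installation secret so that a record copied
    # from one system does not verify on another.
    keyed = hmac.new(system_secret, password.encode("utf-8"), hashlib.sha256).digest()
    # Slow key derivation makes each offline guess expensive.
    derived = hashlib.pbkdf2_hmac("sha256", keyed, salt, PBKDF2_ITERATIONS)
    return salt + derived


def verify_password(password: str, system_secret: bytes, record: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt, expected = record[:SALT_BYTES], record[SALT_BYTES:]
    candidate = hash_password(password, system_secret, salt)[SALT_BYTES:]
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    site_a, site_b = new_system_secret(), new_system_secret()
    record = hash_password("Constructed-Sample-Pw1", site_a)  # constructed sample input
    print("verifies on system A:", verify_password("Constructed-Sample-Pw1", site_a, record))
    print("verifies on system B:", verify_password("Constructed-Sample-Pw1", site_b, record))
```

The stored record cannot be inverted, but a weak password can still be guessed by anyone who obtains both the database and the installation secret, so the secret should be kept outside the database.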
3.0 Controller Security
3.1 PXL-500 With LAN-520
You can also change the TCP/IP communication port number.
3.2 NXT-MSC Controllers
Data security for connections between the NXT-MSC controllers and the Gateway is provided by the full implementation of the Federal Information Processing Standard, FIPS-197, utilizing the Advanced Encryption Standard (AES), also known as Rijndael, a symmetric encryption algorithm. FIPS-197 supersedes the aging Data Encryption Standard (DES) defined in FIPS-46-3.
- NXT-MSC controllers can be configured to use 128-bit AES encryption.
- NXT-MSC controllers can be configured with TLS, password, TLS+password and optionally IP address restriction when communicating with the gateway.
- NXT-MSC controllers have an enhanced security policy that requires someone to be physically near the controller before they can log into the controller using the default username and password.
3.3 Mercury EP and LP Controllers
- The LP controllers use 128-bit AES automatically when communicating with S3 downstream devices on the RS-485 bus.
- EP/LP controllers can be configured with TLS, password, TLS+password and optionally IP address restriction when communicating with the gateway.
- All LP controllers can be configured with 802.1X if a RADIUS server is available on the network for authentication. 802.1X is a network authentication protocol that opens ports for network access when an organization authenticates a user’s identity and authorizes them for access to the network. The user’s identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server.
4.0 Reader Security
4.1 NXT Readers
- When using NXT readers, the data between the reader and the credential is fully encrypted.
- The readers are also 'fully supervised', so if the reader cable is severed or disconnected, an offline notification event will appear almost immediately in the software.
4.2 OSDP Readers
- Use 128-bit AES encryption to prevent ‘man-in-the-middle’ attacks.
- Supports encryption between the reader and the controller which is independent of the reader and credential communication protocols.
- Again, as with NXT readers, they are continuously monitored, ensuring that the system is protected against threats.