Doors.NET - Network and Data Security and Encryption

Doors.NET - Network and Data Security and Encryption

1.0 Introduction

This document explains what security measures are in place with Doors.NET to minimize the possibility of data being intercepted or an unauthorised intrusion on the network. The Doors.NET™ system encrypts the data between the Application Server and the Gateways/Clients and also between the Gateway and the controllers. It is important to note that these are independent of each other and can be different encryption algorithms and bit strengths. Encryption capabilities are implemented in two areas: Network socket communications between the Application Server and all incoming connections and the Gateway communications to each controller connected to that Gateway.


2.0 Data Encryption

  1. The Doors.NET™ system uses 128-bit AES encryption to protect the data between the Application Server and the Gateways/Clients. AES-128 indicates the use of a 128-bit key and is the algorithm/bit strength supported between the controller and the Gateway.
  2. The Gateway communications to each controller connected to that Gateway is also encrypted.
  3. The gateway can also be configured to require TLS and option TLS certificate verification:



  4. Network socket communications are encrypted between the Application Server and all incoming connections and the Application Server is the only component that connects to the database.
  5. When using the most recent versions of Doors.NET, all passwords (not just admin) are stored using a one Hash algorithm that is unique to that system.  There is no way to determine a password in the database.


3.0 Controller Security

3.1 PXL-500 With LAN-520

  1. PXL-500 controllers when using LAN-520 modules - You can configure the LAN-520 with a Telnet password, or additionally, you can also disable Telnet setup and disable the web configuration manager.

  2. You can also change the TCP/IP communication port number.


3.2 NXT-MSC Controllers

Data security for connections between the NXT-MSC controllers and the Gateway is provided by the full implementation of the Federal Information Processing Standard, FIPS-197, utilizing the Advanced Encryption Standard (AES), also known as Rijandael, a symmetric encryption algorithm. FIPS-197 supersedes the aging Data Encryption Standard (DES) defined in FIPS-46-3.
  1. NXT-MSC controllers can be configured to use 128-bit AES encryption.
  2. NXT-MSC controllers can be configured with TLS, password, TLS+password and optionally IP address restriction when communicating with the gateway.
  3. The NXT-MSC have an enhanced security policy that requires someone to be physically near to the controller before they can log into the controller using the default username and password.


3.3 Mercury EP and LP Controllers

  1. The LP controllers use 128bit AES automatically when communicating with S3 downstream devices on the RS-485.
  2. EP/LP controllers can be configured with TLS, password, TLS+password and optionally IP address restriction when communicating with the gateway.  


  1. All LP controllers can be configured with 802.1X  if a RADIUS server is available on the network for authentication.  802.1X is a network authentication protocol that opens ports for network access when an organization authenticates a user’s identity and authorizes them for access to the network. The user’s identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server.


4.0 Reader Security

4.1 NXT Readers

  1. When Using NXT readers, the data between the reader and the credential is fully encrypted.
  2. The readers are also 'fully supervised' - so if the reader cable is severed or disconnected an offline notification event will appear almost immediately in the software.


4.2 OSDP Readers

  1. Use AES-128-bit encryption to prevent ‘man-in-the-middle’ attacks.
  2. Supports encryption between the reader and the controller which is independent of the reader and credential communication protocols.
  3. Again, as with NXT readers, they are continuously monitored, ensuring that the system is protected against threats.

    • Related Articles

    • Doors.NET Data Sheet

      Doors.NET Data Sheet (attached)
    • Doors.NET Troubleshooting Guide

      The following guide aims to assist you in troubleshooting and identifying some of the issues that may be encountered when setting up and using the Doors.NET software and supported hardware. Where there are multiple possible causes, the suggested ...
    • Doors.NET v5.1.0 Release Notes

      Doors.NET Release Notes - 01298-012 Rev. A Doors.NET v5.1.0 Software - 02635-012 OPERATING SYSTEM COMPATIBILITY Doors.NET software IS COMPATIBLE with: Windows 8.1 Windows 10 - all versions Windows 11 - all versions Windows Server 2012 and 2012 R2 ...
    • Doors.NET - Port Forwarding

      1.0 Introduction One method of connecting to controllers over the Internet is to use Port Forwarding on the router that the controller is connected to. Note: The controller's router needs to be set to a static IP address (a public, external IP ...
    • Doors.NET - Quick Start Guide

      1.0 Introduction This document covers the basic installation and configuration of Doors.NET with Standard NXT, PXL or NXT Mercury-Powered controller types. It assumes that the computer being used for the Doors.NET installation has a connection to the ...