• No results found

AEOS cybersecurity: high-level protection against physical & digital threats

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "AEOS cybersecurity: high-level protection against physical & digital threats"

Copied!
7
0
0

Loading.... (view fulltext now)

Download now ( 7 Page )

Full text

(1)

Engineer

1 Provide AEOS user with access

to assigned controllers

2 Single user*

1 SAML 2 LDAP

3 Manual Username / password*

1 HTTPS (custom certificates) 2 HTTPS (default certificates)*

1 HTTPS (custom certificates) 2 HTTPS (default certificates)*

1 End to end – High secure 2 802.1x 3 Secure mode 4 Transparent 1 DIP 2 Transparent 3 OSDP secure 4 RS485nr / Wiegand* Reception / guard

AEOS Server Database

Web-application Controller Reader * Default Encrypted Encrypted Encrypted Encrypted Encrypted

Fit for purpose solutions via secured integrations

AEOS cybersecurity: high-level protection against physical & digital threats

Technology Partner Programme

Integrations support a variety

of security possibilities

In AEOS core:

• Physical Access Control • Locker Management • Intrusion Detection

Integrations via the Technology Partner

Programme:

• Readers

• Wireless locks • Key cabinets

• Physical Security Information Management (PSIM) • Video Management

(2)

Engineer

1 Provide AEOS user with access

to assigned controllers 2 Single user* 1 HTTPS (custom certificates) 2 HTTPS (default certificates)* 1 HTTPS (custom certificates) 2 HTTPS (default certificates)*

1 End to end – High secure 2 802.1x 3 Secure mode 4 Transparent 1 DIP 2 Transparent 3 OSDP secure 4 RS485nr / Wiegand*

AEOS Server Database

Web-application Controller Reader * Default Encrypted Encrypted Encrypted Encrypted Encrypted

Fit for purpose solutions via secured integrations

AEOS cybersecurity: high-level protection against physical & digital threats

Technology Partner Programme

Reception / guard

1 SAML

Security Assertion Markup Language

With the use of SAML, an external Identity Provider can be added between client workstation and the AEOS server. Providing you additional login functionalities like two-factor authentication via for example Okta.

2 LDAP

Lightweight Directory Access Protocol

With the use of LDAP, you can allow access to AEOS for users with their Windows login credentials. This can be configured to Single Sign On as well.

3 Manual Username / password*

By default, AEOS users are manually created giving people access with username and (strong) password. 1 SAML

2 LDAP

(3)

Engineer

1 Provide AEOS user with access

to assigned controllers

2 Single user*

1 SAML 2 LDAP

3 Manual Username / password*

1 HTTPS (custom certificates) 2 HTTPS (default certificates)*

1 End to end – High secure 2 802.1x 3 Secure mode 4 Transparent 1 DIP 2 Transparent 3 OSDP secure 4 RS485nr / Wiegand* Reception / guard

AEOS Server Database

Web-application Controller Reader * Default Encrypted Encrypted Encrypted Encrypted Encrypted

Fit for purpose solutions via secured integrations

AEOS cybersecurity: high-level protection against physical & digital threats

Technology Partner Programme

Web-application

1 HTTPS (custom certificates)

The communication between client workstation and server is secured via self-signed certificates using TLS. This can be customized to customer specific certificates.

2 HTTPS (default certificates)*

By default, after an AEOS installation.

The communication between client workstation and server is secured via self-signed certificates using up-to-date TLS versions.

(4)

1 SAML 2 LDAP

3 Manual Username / password*

1 HTTPS (custom certificates) 2 HTTPS (default certificates)*

1 HTTPS (custom certificates) 2 HTTPS (default certificates)*

1 End to end – High secure 2 802.1x 3 Secure mode 4 Transparent 1 DIP 2 Transparent 3 OSDP secure 4 RS485nr / Wiegand* Reception / guard

AEOS Server Database

Web-application Controller Reader * Default Encrypted Encrypted Encrypted Encrypted Encrypted

Fit for purpose solutions via secured integrations

AEOS cybersecurity: high-level protection against physical & digital threats

Technology Partner Programme

Engineer

1 Provide AEOS user with access to

assigned controllers

You can give AEOS system users access rights to login on an AEpu using their AEOS user name and password. This allows you to give users access to the for them relevant controller and log their personal activities on the controllers.

2 Single user*

By default, AEOS comes with a pre-configured single username/password for all controllers. The password can be changed, but username stays the same.

Engineer

(5)

Engineer

1 Provide AEOS user with access

to assigned controllers

2 Single user*

1 SAML 2 LDAP

3 Manual Username / password*

1 HTTPS (custom certificates) 2 HTTPS (default certificates)*

1 End to end – High secure 2 802.1x 3 Secure mode 4 Transparent 1 DIP 2 Transparent 3 OSDP secure 4 RS485nr / Wiegand* Reception / guard AEOS Server Web-application Controller Reader * Default Encrypted Encrypted Encrypted Encrypted Encrypted

Fit for purpose solutions via secured integrations

AEOS cybersecurity: high-level protection against physical & digital threats

Technology Partner Programme

Database

1 HTTPS (custom certificates)

Similar to the HTTPS security at the client

workstation. The communication between AEOS and Database can be secured via TLS as well. This is done via provided certificates by the setup (self-signed), or with customer specific certificates.

2 HTTPS (default certificates)*

Similar to the HTTPS security at the client

(6)

Engineer

1 Provide AEOS user with access

to assigned controllers

2 Single user*

1 SAML 2 LDAP

3 Manual Username / password*

1 HTTPS (custom certificates) 2 HTTPS (default certificates)* 1 HTTPS (custom certificates) 2 HTTPS (default certificates)* 1 DIP 2 Transparent 3 OSDP secure 4 RS485nr / Wiegand* Reception / guard

AEOS Server Database

Web-application Reader * Default Encrypted Encrypted Encrypted Encrypted Encrypted

Fit for purpose solutions via secured integrations

AEOS cybersecurity: high-level protection against physical & digital threats

Technology Partner Programme

Controller

1 End to end – High secure

In addition to the secure mode below in option 3. To alternate and manage the certificates on Nedap controllers, you require a Certificate Management Server. This server manages and distributes the certificates to all Nedap controllers, and stores them on a SAM (Secure Access Module) which is placed in the controller.

2 802.1x

The 802.1x is a industry standard protocol to allow you to authenticate devices connected to your network. A connection with the network is only allowed after the protocol trusted the relation (based on certificates) between the device (Nedap controller) and the authentication server. The authentication server is arranged and managed by customers IT department.

3 Secure mode

Within every AEOS installation, you have the option the enable secure mode. This enables a secured TLS connection based on Nedap provided certificates between the AEOS server and Nedap controllers.

4 Transparent

In common practice Access control, the reader contains card data like card keys to decrypt the card. This means your card data is placed outside your building in the readers. By setting the reader to transparent mode, you shift all sensitive card data from the reader to the controller. And hereby to the safe side of the door. All decrypting of card data is done in the controller itself. To support this, the controller must be configured in Transparent as well. 1 End to end – High secure

(7)

Engineer

1 Provide AEOS user with access

to assigned controllers

2 Single user*

1 SAML 2 LDAP

3 Manual Username / password*

1 HTTPS (custom certificates) 2 HTTPS (default certificates)*

1 HTTPS (custom certificates) 2 HTTPS (default certificates)*

1 End to end – High secure 2 802.1x

3 Secure mode 4 Transparent

Reception / guard

AEOS Server Database

Web-application Controller * Default Encrypted Encrypted Encrypted Encrypted Encrypted

Fit for purpose solutions via secured integrations

AEOS cybersecurity: high-level protection against physical & digital threats

Technology Partner Programme

Reader

1 DIP

This is a (by Nedap created) open standard to create communication between the Nedap controller and readers or scanners. This communication can be done over TCP/IP (or in the future rs485).

2 Transparent

In common practice Access control, the reader contains card data like card keys to decrypt the card. This means your card data is placed outside your building in the readers. By setting the reader to transparent mode, you shift all sensitive card data from the reader to the controller. And hereby to the safe side of the door. All decrypting of card data is done in the controller itself.

3 OSDP secure

One of the most used industry standards for readers. Via OSDP you can connect third-party readers to Nedap controllers. OSDP also has the possibility to encrypt the communication via OSDP secure. The encryption is done via a so called ‘Encryption key’ of 32 character long.

4 RS485nr / Wiegand*

RS485NR

Nedap’s standard for our own reader portfolio. Secured via RC4 encryption.

Wiegand

References

Download now ( PDF - 7 Page - 1.23 MB )

Related documents

Attitudes of Children Towards Augmentative and Alternative Communication Systems

A significant difference between the mean of total scores of the groups supported the hypothesis that the attitudes of children to peers with physical

rest easy 10. Underwritten by The Manufacturers Life Insurance Company - a trusted name and industry leader.

Please note that some additional conditions may apply to your life and/or total disability insurance coverage if you have a mortgage where the outstanding balance is not

IN THE SUPREME COURT OF MISSISSIPPI NO CA SCT JOYCE SHEFFIELD v. DR. KEN GOODWIN, D.M.D., INDIVIDUALLY AND d/b/a KEN GOODWIN, D.M.D., P.A.

Sheffield alternatively contends that DuBard's testimony should be allowed to establish negligence by the nurses and staff of Ken Goodwin, DMD, P.A.. However, neither

Associations of gestational weight gain with offspring thinness and obesity: by prepregnancy body mass index

Conclusions: Inadequate GWG was associated with an increased risk of offspring thinness, whereas excessive GWG was associated with an increased risk of offspring overweight and

Community’s perceptions of pre-eclampsia and eclampsia in Sindh Pakistan: a qualitative study

HDP: hypertensive disorders of pregnancy; MMR: maternal mortality ratio; CLIP: community level interventions for pre-eclampsia; FGD: focus group discussion..

NATIONAL BIOETHICS COMMITTEE

Muhammad Arif Munir informed the house that as per decision of the last NBC meeting, Dr Farooq Azam Jan, DGHS Balochistan will follow with Secretary Health regarding notification of

How To Understand The History Of Defense Costs In Hospital Liability

Medical Professional Liability insurers’ dedication to expert claims handling has had a positive impact on the overall MPL claim environment and is further evidenced by the

Faculty of Economics & Business Administration, Alexandru Ioan Cuza University of Iasi, Romania

Research and Monetary Policy Department, Central Bank of the Republic of