NK823x System Architecture

To ensure the system security and prevent physical damages and attacks that may compromise the system integrity and confidentiality, make sure to install NK823x units according to the following criteria:

• NK823x units must be updated to latest Kernel and firmware versions.
• NK823x units must be installed in locked cabinets (for example, a control panel housing or the dedicated NE8001 cabinet).
• Cabinets must be installed in locked rooms with constant surveillance and restricted access to authorized personnel only.
• The BACnet protocol, used between the NK823x units and the system, is an open and unprotected protocol. Therefore, the NK823x networks must be protected from unauthorized data access, use, disclosure, disruption, modification, and destruction. This concerns all networks that are somehow vulnerable due to external connections (WAN, Internet), open technologies (wireless networks), or any other risk of fraudulent access.
  To achieve the required level of security, the protective measures must include:
• The use of firewalls on the Intranet to filter external traffic and select the allowed ports.
  NOTE: The list of ports used by Desigo CC can be found in the System Description.
• The use of Virtual Private Networks (VPN) or other equivalent solutions to establish a secure (encrypted) tunnel between the NK823x LAN and the management station across public or unprotected networks.