1. Manuals
  2. Brands
  3. Honeywell Manuals
  4. Control Panel
  5. Pro-Watch 7000
  6. Security manual

Honeywell Pro-Watch 7000 Security Manual

Access control panels
Hide thumbs Also See for Pro-Watch 7000:
Table of Contents

Quick Links

Pro-Watch 7000
Security Manual
Rev 1.0
Security Manual
Table of Contents
loading

Related Manuals for Honeywell Pro-Watch 7000

Summary of Contents for Honeywell Pro-Watch 7000

  • Page 1 Pro-Watch 7000 Security Manual Rev 1.0 Security Manual...
  • Page 2 All product and brand names are the service marks, trademarks, registered trademarks, or registered service marks of their respective owners. Printed in the United States of America. Honeywell reserves the right to change any information in this document at any time without prior notice.

  • Page 3: Table Of Contents

    Default User Account ......................4 Unique User Account ......................4 Use a unique account for each project ................5 Minimum Required Permissions..................5 Password policies........................... 5 Authorized IP Addresses......................6 Information Services ......................6 Operations ............................7 PW7K Security Manual @Honeywell Inc...
  • Page 4 System Audit ..........................7 Encryption and Authentication....................7 Host Controller Encryption ....................7 Encryption mechanism ......................8 Reader Communications ......................8 Controllers to SIO Communication...................8 Data at Rest Encryption......................9 Network Ports...........................9 Physical Ports, Protocols, and Services ................9 Equipment Replacement/Decommissioning ..............9 PW7K Security Manual @Honeywell Inc...
  • Page 5 The information and spec- ifications in this document are subject to change without notice.
  • Page 6 This page is intentionally left blank PW7K Security Manual @Honeywell Inc...

  • Page 7: Chapter 1 - Introduction

    This guide provides additional information to the end user for a secure deployment and operation of the PW7K access panel. Related Documents • PW7K Quick Start Guide • PW7K Installation Guide • PW7K User Guide PW7K Security Manual @Honeywell Inc...
  • Page 8 This page is intentionally left blank PW7K Security Manual @Honeywell Inc...

  • Page 9: Chapter 2 - Installation

    Web browser for the standalone user interface • Panel networking • Host/Pro-Watch access It is recommended to use isolated/standalone network for installing PW7K panels. Cabling must be concealed in secured area and must not be freely accessible. PW7K Security Manual @Honeywell Inc...

  • Page 10: Securing Fieldbus Wiring

    Always make sure to check for the new releases of the PW7K & SIO Interface board firmware and update panel to use latest version of the firmware. This ensures the latest changes and security improvements are installed. Normal Operations Set all DIP switches to OFF for normal Operation. PW7K Security Manual @Honeywell Inc...

  • Page 11: Configuration

    The PW7K has accounts, represented by users in the PW7K configuration. It is important that these accounts are properly managed. Failure to do so can make it easier for an attacker to penetrate the system, or make it more difficult to detect that an attack has occurred. PW7K Security Manual @Honeywell Inc...

  • Page 12: Default User Account

    It makes it much more likely for the password to be leaked, and makes it more difficult to implement certain password best practices. Each different user should have a unique individual account. Similarly, users should never use accounts intended and used for running administrative services. PW7K Security Manual @Honeywell Inc...

  • Page 13: Use A Unique Account For Each Project

    Password must not contain username. In addition passwords must contain three of the four categories characters shown below • Uppercase alphabet characters (A-Z) • Lowercase alphabet characters (a-z) • Arabic numerals (0-9) • Non-alphanumeric characters (!, $, #, or %) PW7K Security Manual @Honeywell Inc...

  • Page 14: Authorized Ip Addresses

    SD card interface is used for uploading debug and crash dumps and piv CLASS embedded authentication database upcoming features, so it is always recom- mended to disable SD card interface. Refer to the PW7K User manual for details steps for disabling SD card. PW7K Security Manual @Honeywell Inc...

  • Page 15: Operations

    TLS is more secure host communication than AES Encrypted communication, to use TLS panel is required to be configured with certificate for panel and peer host certificate. Refer to the PW7k User guide for the detailed steps for configuring and enabling TLS Host communication. PW7K Security Manual @Honeywell Inc...
  • Page 16 • IP based Downstream Modules: IP-enabled input/output modules support AES encryption (128-bit) by default. It also has provision to use TSL between the controller and downstream module. Refer to the PW7K User manual. PW7K Security Manual @Honeywell Inc...
  • Page 17 When replacement/decommissioning a board, make sure to use factory default option to clear all data in the controller before discard panel. Please refer to the PW7K Installation Guide for detailed step by step instructions to put the panel in the factory default condition. PW7K Security Manual @Honeywell Inc...
  • Page 18 This page is intentionally left blank PW7K Security Manual @Honeywell Inc...
  • Page 20 ™ Honeywell Integrated Security, 135 W. Forest Hill Avenue Oak Creek, WI 53154 United States 800-323-4576 414-766-1798 Fax www.security.honeywell.com Rev 1.0 - 08/2020...

Table of Contents