13.02.2019

OPEN EMS Service & Security Center

Firewall protection against cyber attacks on DEOS controllers (DDC) with intuitive user interface

Every building automation system requires DDC components that are secure and protected against third-party access. While this type of equipment security is very expensive, integration into IT networks nonetheless offers many advantages. With the new Service & Security Center and its security features, the OPEN EMS (DDC) platform from DEOS AG offers a cost-effective solution. The range of functions includes:

  • Firewall protection
  • Encrypted controller access via HTTPS
  • comfortable management of security certificates
  • Practical user management

This optimizes the security in the OPEN and therefore also in the entire building.

The problem:

In the absence of thorough IT know-how, it is often not possible to configure a firewall. This implies many security risks. Due to the lack of prior knowledge, the firewall is regularly deactivated in practice. The setting options also soon overburden employees. Thus, for example, the temporary opening and closing of ports in order to upload a new control program may be executed incorrectly. As a result of these problems, the controller loses its security and the system becomes vulnerable.

The solution – OPEN EMS Service & Security Center:

This is exactly where the OPEN EMS Service & Security Center comes into its own: by using configurations instead of programming, the solution from DEOS AG makes setting up quick and easy. Pre-configured security settings can be loaded via three modes: inactive, operation and maintenance. These can also be customized using checkboxes. For employees with IT expertise, the expert mode offers further individual firewall configuration options. At the same time, data histories are created for the configuration changes and the login and logout processes.

The maintenance mode enables additional ports for incoming connections. For example, this allows new control programs to be uploaded to the DDC controller via Uploader. The session timer automatically resets the controller to the operating mode after each maintenance intervention. Thus, security flaws arising due to the temporary opening of ports are prevented. All these functions are aimed at facilitating practical use according to the principle of “keep it smart & simple”. With this intuitive operating concept, securing the controllers is inexpensive – and requires no IT expertise.

The Service & Security Center is protected by a user login and is called up via the standard browser. Different authorization levels allow you to customize the settings for each employee. Thus, each user only has access to the settings that are relevant to his work. The configuration can be exported as a file and is easy to load into other controllers via drag-and-drop. This is straightforward, can be done by any authorized employee and saves you valuable time.

The encryption in the data transmission is carried out with the TLS 1.2 standard. This ensures secure communication with the controller beyond 2020, beyond which the familiar Firefox, Chrome, Edge and Safari browsers will no longer support the older TLS 1.0 and 1.1 protocols. A wizard quickly and easily generates the required security certificate. Alternatively, an official certificate provided by a certification body can be loaded.

On delivery, all necessary firewall settings on the OPEN EMS are pre-set for secure operation. The free security upgrade with the Service & Security Center is also possible at a later date for almost all controllers. The FUP XL programming tool means that this upgrade can be executed quickly and easily.

A high degree of protection can be achieved for your DDC at low cost and with no in-depth IT knowledge. In addition to the internal network protection provided by the Service & Security Center, DEOS AG offers secure site networking and remote access with the practical cloud solution DEOS Secure Network. As a result, the entire system is further protected against external hazards. Your building automation has never been so safe – with security solutions from DEOS AG.