controller encryption

PERPETUA

Encryption for Controllers

L INNOVATION

User Guide

Lenel OnGuard® 2010 Encryption for Controllers User Guide, product version 6.4. This guide is item number DOC-1200, revision 1.008, March 2010

Copyright © 2004-2010 Lenel Systems International, Inc. Information in this document is subject to change without notice. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Lenel Systems International, Inc.

Non-English versions of Lenel documents are offered as a service to our global audiences. We have attempted to provide an accurate translation of the text, but the official text is the English text, and any differences in the translation are not binding and have no legal effect.

The software described in this document is furnished under a license agreement and may only be used in accordance with the terms of that agreement. Lenel and OnGuard are registered trademarks of Lenel Systems International, Inc.

Microsoft, Windows, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Integral and FlashPoint are trademarks of Integral Technologies, Inc. Crystal Reports for Windows is a trademark of Crystal Computer Services, Inc. Oracle is a registered trademark of Oracle Corporation. Other product names mentioned in this User Guide may be trademarks or registered trademarks of their respective companies and are hereby acknowledged.

Portions of this product were created using LEADTOOLS © 1991-2010 LEAD Technologies, Inc. ALL RIGHTS RESERVED.

OnGuard includes ImageStream® Graphic Filters. Copyright © 1991-2010 Inso Corporation. All rights reserved. ImageStream Graphic Filters and ImageStream are registered trademarks of Inso Corporation.

Encryption for Controllers User Guide

Table of Contents

Chapter 1: Overview ....................................................................7

Why Use Encryption ........................................................................................ 7

Encryption Keys .............................................................................................. 7

Master Key 1 and Master Key 2 ........................................................................................ 7

Master Key Management ................................................................................ 8

Automatic Key Management ............................................................................................. 8

Manual Key Management ................................................................................................. 8

Which form of Key Management to Choose ..................................................................... 9

Firmware Types .............................................................................................. 9

Determine Firmware Type ................................................................................................. 9

Recommendations for Downloading Firmware ............................................................... 10

Flash Chip Size ............................................................................................. 10

Determine Flash Chip Size ............................................................................................. 10

DIP Switch Settings for Encryption ............................................................... 11

Determine DIP Switch Settings ....................................................................................... 11

Recommendations for DIP Switch Settings .................................................................... 11

Master Key Entry ........................................................................................... 11

Random Master Key Generation ..................................................................................... 12

Pass Phrase Entry .......................................................................................................... 12

Manual Key Entry ............................................................................................................ 13

Configuring a Controller for Encryption ......................................................... 13

Changing Master Keys .................................................................................. 14

How Often ....................................................................................................................... 14

revision 1 — 3

Table of Contents

Segmentation ................................................................................................ 14

Chapter 2: Automatic Key Management Procedures .............15

Setting Up Encryption ................................................................................... 15

Setup Encryption in a New Installation ............................................................................ 15

Setup Encryption in an Existing System/Segment .......................................................... 15

Enable Encryption for Controllers in Encrypted System/Segments ................................ 16

Additional Procedures ................................................................................... 16

Switch to a New Master Key ........................................................................................... 16

Swap Encrypted Controllers in the Field ......................................................................... 16

Disable Encryption .......................................................................................................... 17

Mark an Encrypted Controller Back Online ..................................................................... 17

Move an Encrypted Controller into a Segment ............................................................... 18

Move an Encrypted Controller While Creating an Encrypted Segment .......................... 18

Chapter 3: Manual Key Management Procedures ..................19

Using the Lenel Controller Encryption Configuration Utility .......................... 19

Setting Up Encryption ................................................................................... 19

Setup Encryption in a New Installation ............................................................................ 19

Setup Encryption in an Existing System/Segment .......................................................... 20

Enable Encryption for a New Controller in an Encrypted System/Segment .................... 21

Enable Encryption for an Existing Controller in an Encrypted System/Segment ............ 22

Additional Procedures ................................................................................... 22

Switch to a New Master Key ........................................................................................... 22

Swap Encrypted Controllers in the Field ......................................................................... 24

Disable Encryption .......................................................................................................... 24

Mark an Encrypted Controller Back Online ..................................................................... 25

4 — revision 1


Move an Encrypted Controller into a Segment ............................................................... 25

Move an Encrypted Controller While Creating an Encrypted Segment .......................... 25

Chapter 4: Connection Errors & Corrective Steps .................27

Connection Errors ......................................................................................... 27

Controller Does Not Support Encryption ......................................................................... 27

Controller Requires Encrypted Connection ..................................................................... 28

Master Key Mismatch ...................................................................................................... 28

Connection Mismatch ...................................................................................................... 29

Upgrading and Degrading Connections ........................................................ 30

Upgrade Connections ..................................................................................................... 30

Degrade Connections ..................................................................................................... 30

Master Key Updates in Automatic Key Management System/Segments ..... 32

Live Status in Alarm Monitoring and Reported Events .................................. 32

Offline Due to Encryption Problem .................................................................................. 33

Online with a Connection Mismatch ................................................................................ 34

Online with Configured Connection ................................................................................. 34

Index .................................................................................................35

revision 1 — 5

Table of Contents

6 — revision 1


Chapter 1: Overview

Why Use Encryption

Communications between OnGuard and Lenel access controllers range from direct serial port connections to TCP/IP connections over local and/or wide area networks to modem connections over a dial-up network.

If there is a concern that the communication link may not be secure from unauthorized access, an encrypted connection between OnGuard and the Lenel access controller can be configured.

Data security for encrypted connections between OnGuard and Lenel access controllers is provided by the full implementation of the Federal Information Processing Standard (FIPS), FIPS-197, utilizing the Advanced Encryption Standard (AES), also known as Rijandael, a symmetric encryption algorithm. FIPS-197 supersedes the aging Data Encryption Standard (DES) defined in FIPS-46-3. Implementation of FIPS-197 solves the data security requirements for these open network connections by providing a means to secure the data over the non-secure network by encryption.

Encryption Keys

To encrypt connections, OnGuard implements the Advanced Encryption Standard (AES). A symmetrical block cipher algorithm, such as AES, requires that both sender and receiver use the same key. 128-bit keys are used in the encryption between OnGuard and a Lenel controller.

Master keys are used to encrypt data packets that transfer a session key to the controller. Master keys are the crux of the encryption process. Both ends of the connection, the controller and host, must agree on the master key being used to achieve a connection.

Session keys are used to encrypt any data that is communicated between OnGuard and Lenel access controllers, except for the transfer of new session keys. Session keys are automatically generated by OnGuard when a connection is established with a controller. Session keys are internal to the system and never exposed.

Master Key 1 and Master Key 2To maintain smooth system operation, two master keys exist in the system and controllers; master key 1 and master key 2.

Only one master key, the active master key, is in use at a given time. The other master key is inactive. When a master key change is desired, the inactive master key value is first updated in the controllers and in the OnGuard system. Once this process is complete, the inactive master key is activated. Over the life of an

revision 1 — 7

1: Overview

installation, master key 1 will sometimes be the active master key and other times be the inactive master key. This is also true of master key 2.

Important: It is important to keep master key values secure. These values are shared secretly between the controllers and OnGuard, and allow an encrypted connection to be made. Since the AES algorithm is public, all parties that have access to the key can encrypt and decrypt the data. Master key values should not be shared with anybody who is not involved in their management. They should not be written down or electronically stored in locations that are not secure.

Master Key Storage

Lenel controllers store master keys in non-volatile EEPROM memory permanently soldered to the controller circuit board. There is no mechanism available for obtaining these values from a controller.

Note that controllers come from the factory with factory default master key values. Once a controller is configured for encryption within the OnGuard system, these factory default values are replaced.

Master Key Management

Master key values are configured and activated on a system wide basis for non-segmented installations and on a per segment basis for segmented installations.

Master keys are configured and activated in System Administration on the Controller Encryption form/sub-tab of the System Options folder or Segments folder.

Each controller must also be updated with the master key values you configured in the OnGuard system. You can update the master keys in the controllers using automatic or manual key management.

Automatic Key ManagementWith automatic key management, master key values are automatically transferred from OnGuard to the controllers over the existing connection. When encryption is first enabled, the master key is transferred over the existing plain (unencrypted) connection. After encryption is enabled, subsequent transfers are made over the existing encrypted connection.

Manual Key ManagementWith manual key management, master key values are manually transferred to controllers. Manual transfers are performed using a host machine (typically a laptop computer) that is connected to the controller using a secure, local

8 — revision 1


connection such as a short serial cable. The host machine uses the Lenel Controller Encryption Configuration Utility to transfer master key values.

This means that an administrator must visit each controller to manually transfer master key values. For more information, refer to the Controller Encryption Configuration Utility User Guide available on the OnGuard Installation disc.

Which form of Key Management to ChooseAutomatic key management is inherently simpler to use and manage than master key management. Master key updates are made automatically and there is no need to manually visit each controller to transfer a master key.

However, manual key management is inherently more secure than automatic key management because master keys are never transferred over a standard (open network) OnGuard connection.

With automatic key management, a plain connection is used the first time a master key is transferred to a given controller. An intruder who intercepts this packet could then use the master key to decrypt the initial packet containing a session key. This session key could then be used to decrypt the remaining packets for that session. The master key could also be used to establish a connection with the controller.

If the automatic key transfer implications discussed above are not of concern, then automatic key management is the simplest choice. However, organizations that wish to protect themselves from intruders who may be intercepting packets at any and all times, will want to use manual key management.

Firmware Types

Controller firmware changes required to support encryption have increased the firmware size. This firmware cannot be loaded into controllers that contain 128 KB flash chips. There are many controllers in the field that contain 128 KB flash chips. As such, two versions of firmware are now being released. One set, referred to as AES firmware, supports encryption. The other set, referred to as plain firmware, does not. The two sets of firmware are identical in all other respects, supporting all of the same features.

Either version of firmware can be loaded into a controller with a 256 KB chip while only plain firmware can be loaded into a controller with a 128 KB chip.

Determine Firmware TypeYou can determine the type of firmware a controller has by using the Lenel Controller Encryption Configuration Utility, Alarm Monitoring, or System Administration applications. The Lenel Controller Encryption Configuration Utility displays the firmware revision in the main window. Alarm Monitoring displays the firmware revision in the System Status window or controller Properties dialog. Finally, System Administration displays the firmware revision in the Diagnostics form of the Access Panels folder.

revision 1 — 9

1: Overview

If the controller contains AES firmware, “.aes” is shown as part of the firmware revision, as in “3.054.aes”.

Recommendations for Downloading FirmwareFirmware can be downloaded to a controller using OnGuard or the Lenel Controller Encryption Configuration Utility. It is recommended that you use OnGuard to download firmware for existing controllers and the utility for new controllers or hardware swaps.

Flash Chip Size

AES firmware can only be downloaded to controllers with 256 KB chips. All LNL-2000 panels have 256 KB chips while LNL-1000 and LNL-500 panels manufactured prior to February 2003 do not; they contain 128 KB chips. Refer to the following guidelines for replacing chips in these panels:

• All LNL-500 panels can have their chips replaced

• LNL-500 panels shipped with serial numbers 6352 and higher already have 256 KB chips

• LNL-1000 panels with serial numbers above 710 can have their chips replaced

• LNL-1000 panels with serial numbers 710 and below cannot accept a 256 KB chip

• LNL-1000 panels with serial numbers 12862 and higher already contain 256 KB chips

Determine Flash Chip SizeIn addition to looking at the panel’s serial number, you can determine the flash chip size of a panel by using the Lenel Controller Encryption Configuration Utility, Alarm Monitoring, or System Administration applications. The Lenel Controller Encryption Configuration Utility displays the flash size in the main window. Alarm Monitoring displays the flash chip size in controller Properties dialog. Finally, System Administration displays the flash chip size in the Diagnostics form of the Access Panels folder.

10 — revision 1


Notes: By default, OnGuard automatically downloads AES firmware to controllers with 256 KB chips, when a firmware download is requested.

OnGuard automatically downloads plain firmware to controllers with 128 KB chips when a firmware download is requested.

DIP Switch Settings for Encryption

If a controller has AES firmware and DIP switch 8 is ON, the controller requires an encrypted connection. If a controller has AES firmware and DIP switch 8 is OFF, then encryption is optional; the host can connect with a plain or encrypted connection. Thus, turning DIP switch 8 ON is not necessary for encryption but enhances security by forcing encrypted connections.

Determine DIP Switch SettingsYou can determine the current DIP switch settings using the Lenel Controller Encryption Configuration Utility, Alarm Monitoring, or System Administration applications. The Lenel Controller Encryption Configuration Utility displays the DIP switch settings in the main window. Alarm Monitoring displays the DIP switch settings in the controller Properties dialog. Finally, System Administration displays the DIP switch settings in the Diagnostics form of the Access Panels folder.

Recommendations for DIP Switch SettingsIt is recommended that DIP switch 8 be turned ON after the initial master key updates are made for a given controller. In manual key management mode, this would be after the Lenel Controller Encryption Configuration Utility has been used to load the initial master keys. In automatic key management mode, this would be after the controller has been configured for an encrypted connection and the administrator has verified that an encrypted connection has been achieved.

Note: The controller only reads DIP switch settings when it is powered up. If DIP switch settings are changed, the controller must go through a power cycle before the changes are recognized in the system.

Master Key Entry

When you change from a plain to an encrypted (automatic or manual) connection the Master Key Entry dialog displays where you can select the form of master

revision 1 — 11

1: Overview

key entry. This dialog also displays when you click [Modify] in the Controller Encryption form/tab in System Administration.

OnGuard supports three forms of master key entry: random master key generation, pass phrase entry, and manual master key entry.

Note: For more information about the Master Key Entry dialog, refer to the System Options Folder or Segment Folder chapter in the System Administration User Guide.

Random Master Key Generation This mode of master key entry is the default and the simplest option to select when the Master Key Entry dialog displays. To use the random master key generation mode, simply click [OK] when the dialog displays.

Automatically Update the Master Keys

Random master key generation is likely the best option in systems using automatic key management. Key transfers to the controllers are made automatically by the OnGuard system. The administrator does not have to be concerned with the actual master key value.

Manually Update the Master Keys

Random master key generation can be used in manual key management systems, as well. The export function can be used to export the key so that it can be manually transferred to the controllers using the Lenel Controller Encryption Configuration Utility.

For more information on exporting master keys, refer to the System Options Folder or Segments Folder chapter in System Administration.

Pass Phrase EntryWith pass phrase mode, the administrator enters a phrase or sentence between 1 and 255 characters. The pass phrase is automatically turned into a 128-bit master key by the OnGuard system.

12 — revision 1


Choosing a Pass Phrase Entry

It is strongly recommended that pass phrases be at least 50 characters in length for security reasons.

Furthermore, a pass phrase should be hard to guess, even by someone who knows you well, but easy for you to remember. A “shocking nonsense” phrase is generally the best; meaning a short phrase or sentence that is odd enough for you to remember but is illogical and not associated with you.

You may wish to use a pass phrase entry when working with manual key management systems. Since the pass phrase is easy to remember, there is no need to write it down or export the resulting master key from the OnGuard system. You can manually enter it into both OnGuard and the Lenel Controller Encryption Configuration Utility.

Note: If a pass phrase is lost, the 128-bit master key that was generated from it can always be exported from the OnGuard system.

Manual Key EntryWith manual key entry mode, the administrator enters a 128-bit master key. The value is entered as a 32 digit hexadecimal number such as, “70E6E026E7AA7BD16679D5B9A8F1AF1E”.

An administrator may wish to use manual key management if a segment is being configured for encryption and the administrator wants to use the same keys that were used in other segments. These keys can be exported from one segment and manually entered in the new segment.

Configuring a Controller for Encryption

To configure a controller for encryption in OnGuard you need to:

1. Configure the system/segment configured for encryption.

2. Configure the Lenel access panel configured for encryption.

These procedures require the proper user permissions which are set on the Access Control sub-tab of the System Permission Groups form in the Users folder of System Administration.

Systems are configured for encryption on the Controller Encryption form of the System Options folder in System Administration. Segments are configured for encryption on the Controller Encryption sub-tab of the Segments form in System Administration.

A controller is configured for encryption on the Encryption sub-tab of the LNL-2000, LNL-1000, or LNL-500 Access Panels form in System Administration.

revision 1 — 13

1: Overview

Note: The system/segment the controller belongs to must first be configured for encryption in order for the Encryption sub-tab on the Access Panels form to display.

Changing Master Keys

Master key exposure is extremely low over encrypted connections. The master key is only used to encrypt an initial session packet in which a random session key is transferred to the controller. All other packets in a given session are encrypted using that session key.

How OftenEven installations that wish to protect against an intruder intercepting packets over a long period of time while trying to break the encryption do not need to switch master keys often. Every six months or one year is a reasonable time frame to address such concerns. If this type of attack is not a concern, the master keys do not need to be changed at all.

Note: The master key can be switched at any time if there is concern that it has been compromised.

Segmentation

When a segment is created, all encryption related configuration data is automatically copied from the source segment to the new segment. This allows for a smooth operation when encrypted controllers are moved from the source segment to the new segment. The master key values and active master key remain the same. Thus, the controllers do not need any updates. If desired, you can modify the master keys in the new segment after the segment creation process is completed.

If an encrypted controller is manually moved from one segment to another, the controller must be updated if the master key values in the two segments differ. This is handled automatically when the new segment is an automatic key management segment. If the new segment is a manual key management segment, the administrator must coordinate the segment move and manually update the master keys in the controller.

14 — revision 1


Chapter 2: Automatic Key Management Procedures

With automatic key management, OnGuard is responsible for coordinating the master key values between controllers and the OnGuard system. Master keys are loaded/transferred to controllers automatically from the OnGuard system. Normally, the Lenel Controller Encryption Configuration Utility is not used.

Setting Up Encryption

Setup Encryption in a New InstallationRefer to Setup Encryption in an Existing System/Segment. Be sure to place the controller online at the end of step 2.

Setup Encryption in an Existing System/SegmentFollow this procedure if you are initially setting up encryption in an existing system/segment (where the controllers are online with OnGuard using a plain connection).

This entire procedure is completed in the OnGuard system. You do not need to visit each controller unless you need to reset DIP switches.

1. Configure the system/segment for automatic key management encryption and generate a value for master key 1.

Note: For more information, refer to “Configure Automatic Encryption and Set Keys” in the System Options Folder or Segments Folder chapter in the System Administration User Guide.

2. Complete the following for each controller:

a. Verify each controller has the latest AES firmware. It may be necessary to first configure the controller (in OnGuard) for a plain connection and download the firmware. Note that the controller must have a 256 KB chip before AES firmware can be downloaded.

b. Verify the controller’s DIP switch 8 is OFF.

c. Configure the controller for an encrypted connection. For more information, refer to the Access Panels Folder chapter in the System Administration User Guide.

d. Dip switch 8 can be turned ON if desired after verification has been made that an encryption connection has been made.

revision 1 — 15

2: Automatic Key Management Procedures

Enable Encryption for Controllers in Encrypted System/Segments

Refer to step 2 in Setup Encryption in an Existing System/Segment on page 15 if you are introducing a new controller to an encrypted system/segment or you have an existing controller in an encrypted system/segment that previously used a plain connection.

Additional Procedures

Switch to a New Master KeyMaster key exposure is extremely low over the encrypted connections. The master key is only used to encrypt an initial session packet in which a random session key is transferred to the controller. All other packets in a given session with the controller are encrypted using that session key.

Even installations that wish to protect against an intruder intercepting packets over a long period of time while trying to break the encryption do not need to switch master keys very often. Every six months or one year is probably a reasonable time frame to address such concerns. If this type of attack is not a concern, the master keys do not need to be changed at all.

With automatic key management, however, note that new master key values are sent to the controller over the standard access control system connection when key changes are made. When encryption is first turned on, this is going to be done over a plain connection. On subsequent key changes, the new keys are transferred over the existing encrypted connection.

When you want to switch master keys, simply modify the system/segment and modify the active master key value. By default, a new random key will be generated. Alternatively, you can use a pass phrase or manual entry. The system will seamlessly transfer the new master key to all encrypted controllers in the system/segment (the next time a controller comes physically online if it is currently physically offline) and switch to an encrypted connection using it.

Swap Encrypted Controllers in the FieldIt is sometimes necessary to replace a controller in the field with a new controller. If the “old” controller is configured for encryption, the master key values for that controller must be loaded into the new controller prior to bringing the new controller online with the OnGuard system. With automatic encryption, that is impossible. One of two methods can be used to get around this problem; manually update the master keys or allow OnGuard to automatically transfer the active master key over a plain connection.

Manually Transfer Master Keys Over an Encrypted Connection

To temporarily operate in manual key management mode, refer to chapter 3, Swap Encrypted Controllers in the Field on page 24. This procedure will instruct

16 — revision 1


you on how transfer the active master key from the system/segment to the controller.

Automatically Transfer Master Keys Over a Plain Connection

To automatically transfer the active master key over a plain connection:

1. Turn DIP switch 8 OFF at the new controller.

2. In the OnGuard system, configure the controller for a plain connection.

3. When the controller comes back online with the OnGuard system, verify that it has the latest AES firmware. If not, download it.

4. Configure the controller for an encrypted connection in the OnGuard system. The system will transfer the active master key and switch to an encrypted connection with the controller.

5. If desired, turn DIP Switch 8 ON at the controller.

Disable EncryptionIf you want to disable encryption for a controller, segment, or system, make sure DIP switch 8 is OFF at every controller before disabling encryption. Otherwise, when encryption is disabled in the OnGuard system, an encryption error occurs.

Mark an Encrypted Controller Back OnlineIf the controller has only missed a single master key update (and still contains the other master key), OnGuard will automatically transfer the currently active master key and switch to a proper connection when you mark an encrypted controller back online.

If a controller has been marked offline and missed the last two key updates, or was not configured for encryption when it was last marked online, you need to manually update the master key or degrade the connection in order for the controller to come physically back online.

If you believe the controller has only missed a single master key update or you are uncertain, mark the controller back online and select “No” when the message box asks if the next connection can be downgraded.

If the controller remains offline with an encryption error after several minutes, it must have missed more than one key update. You will need to manually update the master key or degrade the connection.

Manually Update Master Keys

For more information, refer to the “Load or Update Master Keys” in the Lenel Controller Encryption Configuration Utility User Guide, located on the OnGuard Installation disc.

Degrade a Connection

If you have already marked the controller back online in the steps above, modify it and select ‘Allow next connection to be downgraded’. Otherwise, when the

revision 1 — 17

2: Automatic Key Management Procedures

controller is marked back online, select “Yes” when the message box asks if the next connection can be downgraded. OnGuard will attempt to downgrade the connection, transfer the currently active master key, and switch to the proper encrypted connection. If DIP Switch 8 if currently ON at the controller, this may not be successful. If the controller remains offline with an encryption error after several minutes, DIP Switch 8 will need to be turned OFF at the controller. Once OnGuard synchronizes and switches to a proper encrypted connection, DIP switch 8 can be turned back ON.

Move an Encrypted Controller into a SegmentThis procedure applies to encrypted controllers that are moved into an automatic key management segment.

When a controller configured for encryption is moved to a new automatic key management segment, it is up to OnGuard to synchronize the master keys in the controller with the new segment. With that in mind, all you need to do is move the controller to the new segment in the OnGuard system.

Move an Encrypted Controller While Creating an Encrypted Segment

When a new segment is created and a source segment selected, OnGuard copies the encryption values from the source segment into the new segment. Thus, if controllers are moved from the source segment during the segment creation process, encryption operations are not impacted for those controllers.

18 — revision 1


Chapter 3: Manual Key Management Procedures

With manual key management, the administrator is responsible for coordinating the master key values between controllers and the OnGuard system. This involves loading master keys into the controller(s) and configuring OnGuard to use an encrypted connection with the active master key. Master keys can be loaded into controllers using the Lenel Controller Encryption Configuration Utility. Later, if you want to switch keys, you need to visit the controller(s), update the inactive key, and then configure OnGuard to begin using the new key.

Using the Lenel Controller Encryption Configuration Utility

For instructions on using the Lenel Controller Encryption Configuration Utility, refer to the OnGuard Installation disc. The application and manual are located in an .MSI file, which must be installed. Lenel Or, if the utility is already installed on a computer, click Start then Programs > Lenel Controller Encryption Configuration Utility and select either the utility or the user guide.

Setting Up Encryption

Setup Encryption in a New InstallationFollow this procedure if you are initially setting up encryption in a new system/segment (where none of the controllers are online with the OnGuard system).

For more information, refer to “Configure Manual Encryption and Set Keys” in System Options Folder or Segments Folder chapter in the System Administration User Guide.

1. Configure the system/segment (in OnGuard) for manual key management encryption.

2. Generate a value for master key 1. By default, a random value is generated for the master key. Alternatively, a pass phrase or manual entry can be chosen.

Note: It is recommended that both master keys in the segment be changed from their default values. If master key 2 is left with its factory default value, this leaves a potential security hole.

3. For each controller for which an encrypted connection is desired:

revision 1 — 19

3: Manual Key Management Procedures

a. Physically go to the controller. Start the Lenel Controller Encryption Configuration Utility and connect to the controller.

b. Verify the controller has the latest AES firmware. If not, download it. Note that the controller must have a 256 KB chip before AES firmware can be downloaded.

c. Update master key 1 with the value configured (in step 1). If you modified master key 2, update this key as well. Note that master key values can be exported from the access control system to a file. The Controller Encryption Configuration Utility supports loading keys from a file. To cut down on possible key exposure, a user may alternatively wish to use a pass phrase that they remember and may not wish to use the export function.

d. Turn DIP switch 8 ON if you want to require an encrypted connection. This is recommended for the tightest security.

e. Place the controller on its standard connection that will be used in the access control system.

4. For each controller updated in step 3:

a. Configure the controller (in OnGuard) for an encrypted connection.

b. Place the controller online.

c. Verify an encrypted connection is achieved.

Note: For more information, refer to Access Panels Folder chapter in the System Administration User Guide.

Setup Encryption in an Existing System/SegmentFollow this procedure if you are initially setting up encryption in an existing system/segment (where the controllers are online with OnGuard using a plain connection).

1. Configure the system/segment (in OnGuard) for manual key management encryption.

2. Generate a value for master key 1. By default, a random value is generated for the master key. Alternatively, a pass phrase or manual entry can be chosen.

Note: It is recommended that both master keys in the segment be changed from their default values. If master key 2 is left with its factory default value, this leaves a potential security hole.

3. Verify each controller has the latest AES firmware. If not, download it. Note that the controller must have a 256 KB chip before AES firmware can be downloaded.

4. For each controller that an encrypted connection is desired:


20 — revision 1


b. Update master key 1 with the value configured (in step 1). If you modified master key 2, update this key as well. Note that master key values can be exported from the access control system to a file. The Controller Encryption Configuration Utility supports loading keys from a file. To cut down on possible key exposure, a user may alternatively wish to use a pass phrase that they remember and may not wish to use the export function.

c. Turn DIP switch 8 ON, if you want to require an encrypted connection. This is recommended for the tightest security.

d. Place the controller on its standard connection that will be used in the access control system.

Note: For more information, refer to the Lenel Controller Encryption Configuration Utility located on the OnGuard Installation disc.

5. For each controller setup/updated for encryption in step 4:

a. Configure the controller (in OnGuard) for an encrypted connection.

b. Verify the controller is online an encrypted connection is achieved.

Note: For more information, refer to Access Panels Folder chapter in the System Administration User Guide.

Enable Encryption for a New Controller in an Encrypted System/Segment

Follow this procedure if you have a system/segment previously enabled for encryption and you want to enable encryption for a new controller.

1. Physically go to the controller. Start the Lenel Controller Encryption Configuration Utility and connect to the controller.

2. Verify the controller has the latest AES firmware. If not, download it. Note that the controller must have a 256 KB chip before AES firmware can be downloaded.

3. Load the keys currently configured for the system/segment.

4. Turn DIP switch 8 ON, if you want to require an encrypted connection.

5. Connect the controller to the OnGuard system.

6. Complete the following (in OnGuard) for each new controller:

a. Configure the controller for an encrypted connection.

b. Place the controller online.

c. Verify an encrypted connection is achieved.

revision 1 — 21


Enable Encryption for an Existing Controller in an Encrypted System/Segment

Follow this procedure if you have a system/segment previously enabled for encryption and you want to enable encryption for a controller (that already exists in that system/segment).

1. Verify the controller has the latest AES firmware. If not, download it using the OnGuard system. The controller must have a 256 KB chip before AES firmware can be downloaded.

2. Complete the following at each controller:


b. The Controller Encryption Configuration Utility window displays. Load the keys currently configured for the system/segment.

c. Turn the controller’s DIP switch 8 ON, if you want to require an encrypted connection. This is recommended for tight security.

d. Reconnect the controller to the OnGuard system.

Note: For more information, refer to the Lenel Controller Encryption Configuration Utility located on the OnGuard Installation disc and the Access Panels Folder chapter in the System Administration User Guide.

3. Complete the following (in OnGuard) for each controller:

a. Configure the controller in OnGuard for an encrypted connection.

b. Verify the controller is online an encrypted connection is achieved.

Additional Procedures

Switch to a New Master KeyMaster key exposure is extremely low over the encrypted connections. The Master key is only used to encrypt an initial session packet in which a random session key is transferred to the controller. All other packets in a given session with the controller are encrypted using that session key.

Even installations that wish to protect against an intruder intercepting packets over a long period of time while trying to break the encryption do not need to switch master keys very often. Every six months or one year is a reasonable time frame to address such concerns. If this type of attack is not a concern, the master keys do not need to be changed at all.

The master key can be switched at any time if there is concern that it has been compromised.

22 — revision 1


Activating the Inactive Key without Changing Its Value

The very first time a key switch is made, the administrator may wish to simply use the master key 2 value that was initially setup in the system and in the controllers.

Additionally, on subsequent key switches, the administrator may not be concerned with generating a new key value, but simply may want to switch to the other master key value previously configured. This may be done if they simply want to vary the master key value periodically without going to the trouble of making it unique with each change.

To activate the inactive key without changing its value, the system/segment simply needs to be modified and the inactive key needs to be made the active key. All encrypted controllers in that system/segment should remain online with an encrypted connection.

Updating the Value of the Inactive Key and Making it Active

The following procedure can be used to switch master keys while using a new master key value.

1. If you want the access control system to randomly generate the new key, the first step is to modify the inactive key value in the access control system/segment and generate a new random key. Do not activate this key yet.

Alternatively, if you want to use a pass phrase or manually pick a key, the inactive key value can be updated as the first step, or can be updated later. Note that the master key values can be exported from the access control system to a file. The Controller Encryption Configuration Utility supports loading keys from a file. To cut down on possible key exposure, a user may also wish to user a pass phrase that they remember and may not wish to use the export function.

2. Visit each controller configured for encryption and connect it to the Controller Encryption Configuration Utility. Update the inactive master key.

Important: Do not update the active master key. If this is done, the controller will remain offline until the configuration change is made in the access control system to activate that key.

3. Connect the controller using its standard access control system connection. The controller should come back online with an encrypted connection using the currently active master key. Note that if possible, controllers marked logically offline in the access control system should be updated as well. This will allow them to easily be marked back online in the future.

4. After every controller has been updated, activate the inactive key in the access control system/segment. If the new key value was set in the access control system in step 1, this is all that is needed. Otherwise, enter the new key value in addition to making the inactive key is made active. After the inactive key is made active, the access control system should begin making encrypted connections to the controllers using the newly activated master key.

revision 1 — 23


Swap Encrypted Controllers in the FieldIt is sometimes necessary to replace a controller in the field with a new controller. If the “old” controller is configured for encryption, the master key values for that controller must be loaded into the new controller, prior to bringing the new controller online with the OnGuard system.

For more information, refer to the Lenel Controller Encryption Configuration Utility located on the OnGuard Installation disc.

1. Do not connect the new controller to OnGuard yet.

2. Start the Lenel Controller Encryption Configuration Utility and connect to the controller.

3. Verify the controller has the latest AES firmware. If not, download it. Note that the controller must have a 256 KB chip before AES firmware can be downloaded.

4. Load both master key values from the system/segment into the new controller. Note that both key values can be exported from the access control system into a file (generally on a diskette) and then loaded from that file into the Lenel Controller Encryption Configuration Utility. Alternatively, you can memorize a pass phrase to load into the keys.

5. Connect the new controller to the OnGuard system. It should come online with an encrypted connection using the current active master key.

Note: If it is not possible for an authorized person to load keys into the new controller prior to bringing it online, the controller in OnGuard must be changed to a plain connection and DIP switch 8 must be turned OFF at the controller. Later, you can establish an encrypted connection by following the steps in Enable Encryption for an Existing Controller in an Encrypted System/Segment on page 22.

Disable EncryptionIf you want to disable encryption for a controller, segment, or system make sure DIP switch 8 is OFF at every controller before disabling encryption. Otherwise, when encryption is disabled in the OnGuard system, an encryption error occurs.

24 — revision 1


Notes: In OnGuard systems, controllers are disabled for encryption on the Encryption sub-tab of the Access Panel form.

Segments are disabled for encryption on the Controller Encryption sub-tab of the Segments form.

Systems are disabled for encryption on the Controller Encryption form of the System Options folder.

Mark an Encrypted Controller Back OnlineWhen it is time to mark an encrypted controller back online, make sure it has the latest key updates before placing it online. For more information, refer to the “Load or Update Master Keys” in the Lenel Controller Encryption Configuration Utility User Guide, located on the OnGuard Installation disc.

Move an Encrypted Controller into a SegmentComplete these procedures to move an encrypted controller into a manual key management segment.

• Move the controller to the new segment in the OnGuard system.

• If the same values for the master keys are used in all segments, no other steps are required. If the master key values (1 or 2) are different in the old and new segment, you need to visit any controller that is being moved and using the Lenel Controller Encryption Configuration Utility, transfer the master key values from the new segment to the controller.

Note: These steps can be done in either order. However, once either step is done, the controller will be offline with a controller encryption error - master key mismatch, until the other step is done.

Move an Encrypted Controller While Creating an Encrypted Segment

When a new segment is created and a source segment selected, OnGuard copies the encryption values from the source segment into the new segment. Thus, if controllers are moved from the source segment during the segment creation process, encryption operations are not impacted for those controllers.

revision 1 — 25


26 — revision 1


Chapter 4: Connection Errors & Corrective Steps

This chapter provides controller encryption errors that may occur, an explanation of what the error means, steps to correct the error, as well as situations that would cause the error.

Connection Errors

There are three types of connection errors that can occur: the controller does not support encryption, the controller requires an encrypted connection, and a master key mismatch. When any of the errors occur, OnGuard may still be able to connect with a connection mismatch (that is either an upgraded or downgraded connection). For more information refer to Connection Mismatch and Upgrading and Degrading Connections on page 30.

Controller Does Not Support EncryptionA controller encryption error stating the controller does not support encryption occurs when the controller is configured for encryption in OnGuard but does not have AES firmware.

In this situation, a connection cannot be made without compromising security. By default, OnGuard will not attempt to make a different type of connection.

Automatic Key Management

In automatic key management segment/systems, however, the administrator can individually configure controllers to attempt degraded connections by selecting the Allow next connection to be downgraded check box in the Access Panels Folder, Encryption sub-tab of System Administration. This can be useful for physical hardware swaps or when a controller has been marked logically offline and does not have the latest master key updates. For more information refer to the Access Panels Folder chapter in System Administration.

Manual Key Management

In manual key management system/segments, you can either configure the controller for a plain connection or manually update the controller to support encryption (download AES firmware to the controller using a plain connection and then transfer the master keys). The most secure way to operate is to manually update the controller.

If a manual key management system/segment is not configured to allow downgraded connections, the controller will remain offline in an error state, until the error is corrected.

If a manual key management system/segment is configured to allow downgraded connections, you may also get a controller connection mismatch error stating that

revision 1 — 27

4: Connection Errors & Corrective Steps

the system degraded to a plain connection due to no controller encryption support.

Controller Requires Encrypted ConnectionA controller encryption error stating the controller requires an encrypted connection occurs when a controller is configured for a plain connection in the OnGuard system, but the controller requires encryption (has AES firmware and DIP switch 8 is ON).

To correct this problem, you can either configure the controller for encryption or disable the encryption requirement by setting DIP switch 8 OFF at the controller.

This error occurs when:

• A new a controller is configured for a plain connection, but the controller requires encryption (has AES firmware and DIP switch 8 is ON)

• An encrypted controller is online with an encrypted connection, but the administrator changes the configuration to a plain connection.

• A controller is configured for a plain connection and is currently online with a plain connection. Then, a physical controller swap is made where the new controller requires encryption.

• A controller that supports encryption is configured for a plain connection and is currently online with a plain connection. Then, DIP switch 8 is turned ON.

Notes: In each of these cases, OnGuard tries to “upgrade” to an encrypted connection. If the system is able to bring the controller online, a connection mismatch is reported. Security is not compromised since an encrypted connection even with a factory default master key is no less secure than the configured plain connection.

If none of the master keys exist in the controller, the controller remains offline with a connection error. This includes the currently active master key in the system/segment, the currently inactive master key in the system/segment, and the default master keys.

Master Key MismatchA controller encryption error with master key mismatch means the controller is configured for and supports encryption, but the active master key value in OnGuard does not match the value in the controller. OnGuard will attempt to downgrade the connection only if downgraded connections are allowed in the configuration.

To correct this problem, update the master key values in OnGuard or controller.

Manual Key Management System/Segments

In manual key management systems/segments, master key mismatch errors occur when:

• The master key loaded into the controller and OnGuard do not match.

28 — revision 1


• The wrong master key (1 or 2) is updated in OnGuard or the controller.

• A new master key is activated in the OnGuard system, but the controller is not updated.

• The active master key is updated in OnGuard and the controller is placed back on the standard OnGuard connection without OnGuard being updated.

• Encryption is enabled for a controller (in a segment) prior to loading the master keys into that controller.

• A physical controller swap is made where the new controller supports encryption (like the old controller) but the master key values were not loaded into the new controller.

• An encrypted controller does not receive master key updates while it is offline. When the controller is marked back online, a connection problem occurs.

Notes: If the manual key management system/segment is configured to allow downgraded connections, the system/segment attempts to degrade the connection. If successful, the system/segment reports a connection mismatch error with details that depend on the type of connection that was made.

If a manual key management system/segment is not configured to allow downgraded connections, the controller will remain offline in an error state, until the error is corrected.

Automatic Key Management System/Segments

In automatic key management segments, master key mismatch connections are automatically corrected, whenever possible. If a controller continues to have a master key mismatch error, it is because OnGuard has not tried to degrade the connection or the controller does not contain the inactive master key or factory default master key (1 or 2).

To correct this problem, configure the controller to allow the next connection to be downgraded, and/or set DIP switch 8 OFF at the controller. When OnGuard achieves a degraded plain connection, it will automatically correct the connection by transferring the active master key to the controller and switching to an encrypted connection with the active master key. At this point, DIP switch 8 can be set ON, if desired.

This situation occurs when:

• A physical controller swap is made with a new controller that supports encryption but does not have the proper master keys loaded into it.

• An encrypted controller was marked logically offline when master key updates were made. Therefore, the controller does not have the latest key updates. If it is marked back online, the keys will not match.

Connection MismatchA connection mismatch error means a connection was made between the controller and the OnGuard system, however the connection was made by upgrading or downgrading the connection. For more information, refer to Upgrading and Degrading Connections on page 30.

revision 1 — 29


To correct this problem, both OnGuard and the controller must agree on the type of connection that is to be made (encrypted with the same master key or plain).

Notes: If a controller is online with a connection mismatch error and the system/segment is then changed so that downgraded connections are not allowed, the system drops the degraded connection and displays a master key mismatch error if the original problem was a key mismatch. However, if the original problem was that the controller does not support encryption, the controller will return to that error.

If the system upgrades the connection (due to the controller requiring encryption), then changing the degraded connections setting has no bearing. Turning it on or off does not change the system status.

Upgrading and Degrading Connections

Each time a connection error occurs, OnGuard tries to upgrade or degrade the connection regardless of how the error occurred. In order for the system to degraded connections, it must be configured to allow downgraded connections. Automatic key management systems/segments are configured to allow downgraded connections on an individual controller basis. Manual key management systems/segments are configured to allow downgraded connections on a system/segment wide basis. No special configurations are required for upgrading connections.

Upgrade ConnectionsUpgraded connections are always attempted when a controller requires encryption but has been configured in OnGuard for a plain connection.

System/segments attempt upgraded connections in the following order:

1. If the system/segment is configured for encryption, an upgraded connection is attempted using the current active master key.

2. If the system/segment is configured for encryption, an upgraded connection is attempted using the current inactive master key.

3. An upgraded connection is attempted using the factory default value for master key 1.

4. An upgraded connection is attempted using the factory default value for master key 2.

Degrade ConnectionsDegraded connections are attempted when there is a connection error due to a controller not supporting encryption or due to a master key mismatch.

30 — revision 1


Notes: Manual key management system/segments must be configured to allow downgraded connections for the system/segment to degrade a connection.

Individual controllers in automatic key management system/segments must be configured to allow downgraded connections for the system/segment to degrade a connection.

System/segments attempt degraded connections in the following order:

1. A degraded connection is attempted using an encrypted connection with the inactive master key.

2. A degraded connection is attempted using an encrypted connection with the factory default value for master key 1.

3. A degraded connection is attempted using an encrypted connection with the factory default value for master key 2.

4. If the controller does not require an encrypted connection, a degraded connection is attempted using a plain connection.

Manual Key Management System/Segments

For manual key management system/segments, encryption degradation is configured on a system/segment wide basis. This option should not be heavily used; it reduces the security that manual key management provides. However, an administrator may choose to use this option when initially setting encryption up to ensure smooth operation while becoming familiar with the process. An alternative to using this option is to temporarily change the configuration (for a controller having problems) in OnGuard from an encrypted connection to a plain connection.

Automatic Key Management System/Segments

For automatic key management systems/segments, encryption degradation is configured on a per controller basis in the Encryption sub-tab of the Access Panels form in System Administration. When degradation is allowed, it is automatically cleared when the system gets the controller online. This is because in automatic key management, once the controller does come online over a degraded connection, the system automatically downloads the current active master key to the controller and switches to the proper configured encrypted connection (unless the controller does not contain AES firmware). Thus, configured degradation is only used for the next connection with the controller.

Note: In automatic key management system/segments, when encryption is first enabled for a controller, the system automatically configures the controller for a downgraded connection. This is because the active master key must be downloaded to the controller prior to the encrypted connection being achieved.

revision 1 — 31


Master Key Updates in Automatic Key Management System/Segments

In automatic key management system/segments, OnGuard automatically transfers the active master key when encryption is first enabled on a given controller or whenever a master key change is made at the system/segment level.

Between the time the configuration change is made and the new master key is successfully transferred to a given controller, the previous connection is kept with that controller. During this time, the system indicates there is a pending key update for the controller on the Encryption tab of the LNL-2000, LNL-1000, or LNL-500 Access Panel tab (in System Administration). This status can also be seen in the controller’s Properties dialog in Alarm Monitoring. The Master Key Update Pending field displays with a value of “True”.

For a controller that is currently online, the key transfer process normally completes within seconds. For a controller that is currently offline, the key transfer process waits until the next time the controller comes online.

If there are pending master key updates for any controllers configured for encryption and marked logically online in an automatic key management system/segment, any subsequent master key modifications are disallowed by the system. The previous update must complete before a subsequent update can be done.

Live Status in Alarm Monitoring and Reported Events

Alarm Monitoring indicates the following encryption related statuses:

• Whether the current connection to a Lenel controller is plain or encrypted. This is indicated via separate icons on the system status and map views as well as through additional text that can be viewed in the Properties dialog (right-clicking a Lenel controller and selecting Properties). For more information, refer to Online with Configured Connection on page 34.

Note: Operators must have permission to view encryption information, otherwise the standard icon for a plain connection displays in Alarm Monitoring regardless of the type of connection used.

• Whether a controller is offline due to an encryption problem. This is indicated via separate icons on the system status and map views, as well as reported events, current device status text, and through additional text that can be viewed in the Properties dialog.

• Whether a controller is online but the current connection does not match the configured connection. This is indicated via separate icons on the system status and map views, as well as reported events, current device status text, and through additional text that can be viewed in the Properties dialog.

The following icons display in the System Status window and as default state icons in the map view for the access controller group:

32 — revision 1


• Indicates the access controller is online with a plain connection or, the access controller is online and the user is not allowed to know whether the connection is plain or encrypted.

• Indicates the access controller is online with an encrypted connection.

• Indicates the access controller is online but the current connection does not match the configured connection.

• Indicates the access controller is offline due to a standard connection problem.

• Indicates the access controller is offline due to an encryption problem.

• Indicates the dialup access controller is online with a plain connection or, the dialup access controller is online and the user is not allowed to know whether the connection is plain or encrypted.

• Indicates the dialup access controller is online with an encrypted connection.

• Indicates the dialup access controller is online but the current connection does not match the configured connection.

• Indicates the dialup access controller is offline due to a standard connection problem.

• Indicates the dialup access controller is offline due to an encryption problem.

Offline Due to Encryption ProblemIf a controller is offline due to an encryption problem, Alarm Monitoring does the following, in addition to showing the proper icon:

• Alarm Monitoring displays an encryption error in the current device status for the controller.

• A controller encryption error event is reported. Associated text in the event indicates the details of the error.

• If the controller’s Properties dialog is brought up in Alarm Monitoring, the details of the error can also be viewed.

The details of the error will be one of the following:

• Controller requires an encrypted connection - indicates a plain connection has been configured but the controller requires an encrypted connection.

• Controller does not support encryption - indicates an encrypted connection has been configured but the controller does not support encryption.

• Master key mismatch - indicates the master key configured in OnGuard does not match the key that is in the controller

revision 1 — 33


Online with a Connection MismatchOnGuard only attempts to get a controller online with a non-configured connection if the controller is configured to allow the next connection to be downgraded (in automatic key management system/segments) or the system/segment is configured to allow downgraded connections (in manual key management system/segments).

When a controller is online, but the connection was degraded and thus does not match the configured connection, Alarm Monitoring does the following in addition to showing the proper icon:

• Displays “encryption connection mismatch” in the current device status for the controller.

• Reports a controller connection mismatch event. Associated text in the event indicates the details of the mismatch.

If the controller’s Properties dialog is brought up in Alarm Monitoring, the details of the mismatch can seen and will be one of the following:

• Degraded to plain connection due to master key mismatch - indicates an encrypted connection was configured but could not be achieved due to a key mismatch. OnGuard degraded to a plain connection to get the controller online.

• Degraded to plain connection due to no controller encryption support - indicates an encrypted connection was configured but could not be achieved because the controller does not support encryption. OnGuard degraded to a plain connection to get the controller online.

• Controller requires an encrypted connection - indicates a plain connection was configured, but the controller requires an encrypted connection. OnGuard was able to get the controller online by using an encrypted connection.

• Encrypted with inactive master key due to active master key mismatch - indicates an encrypted connection was configured but could not be achieved with the current active master key due to a key mismatch. OnGuard was able to get the controller online by using the inactive master key.

• Encrypted with default master key due to active master key mismatch - indicates an encrypted connection was configured but could not be achieved with the current active master key due to a key mismatch. OnGuard was able to get the controller online by using the factory default master key.

Online with Configured ConnectionWhen the controller is online with the configured connection, Alarm Monitoring displays the proper icon to indicate whether the current connection is plain or encrypted, as long as the operator has permissions to view this information. Otherwise, the standard icon used for a plain connection will be used.

If the controller’s Properties dialog is brought up and the operator has permissions to view encryption information, the Connection Type field will indicate the type of connection (encrypted or plain). If the operator does not have permissions to view encryption information, the Connection Type field does not display.

34 — revision 1


revision 1 — 35

Index

A

Automatic key management .......................... 8, 12Automatic key management errors ..................... 29

C

Changing master keys ......................................... 14how often ..................................................... 14

Choosing a pass phrase entry.............................. 13Configuring a controller for encryption.............. 13Connections

mismatch error ............................................. 29Controller does not support encryption .............. 27Controller requires encrypted connection........... 28

D

DIP switch settings ............................................. 11Disable encryption ....................................... 17, 24

E

Enable encryptionexisting controller in encrypted system ....... 22existing controller in system/segment ......... 15new controller in encrypted system ...... 16, 21

Encryption keys .................................................... 7Errors

connection mismatch ................................... 29controller does not support encryption ........ 27controller requires encrypted connection..... 28Master key mismatch................................... 28

F

Firmware types ..................................................... 9Flash chip size..................................................... 10

L

Lenel Controller Encryption Configuration Utility........................................................... 19

M

Manual key entry ................................................ 13Manual key management ............................... 8, 16Manual key management errors.......................... 28Mark an encrypted controller back online ... 17, 25Master key

management................................................... 8mismatch error ............................................. 28storage............................................................ 8

Master Key Entry dialog..................................... 11

Master key mismatch .......................................... 28Move encrypted controllers

into a segment ....................................... 18, 25while creating encrypted segment ........ 18, 25

P

Pass phrase entry................................................. 12

R

Random master key generation........................... 12Recommendations

DIP switch settings ...................................... 11downloading firmware................................. 10

S

Segmentation ...................................................... 14enable encryption for existing controller..... 22enable encryption for new controller in

new segment ......................................... 16Setting up encryption ................................... 15, 19

existing system/segments ..................... 15, 20new installations ................................... 15, 19

Swap encrypted controllers in the field ....... 16, 24Switch to a new master key ................................ 16

W

Which form of key management to choose .......... 9Why use encryption .............................................. 7

Lenel Systems International, Inc.1212 Pittsford-Victor RoadPittsford, New York 14534 USATel 585.248.9720 Fax [email protected]

controller encryption

Documents

master key management

automatic key management

manual key management

windows vista

windows server

english text

encryption keys

imagestream graphic