Commercial Use Cases

Use case: Private Office Buildings; Single Building; Single Tenant Facility; Owner Occupied; Not vendor interoperable; No Public access to facility
    Network Security Threat: None (Predefined key used and not changed)
    Applications: HVAC, Lighting
    Commercial Governance: None
    Threats: None - Building occupants have no reason to be a security risk

Use case: Commercial Real Estate; Multi-tenant facilities; Universities; Health Care; Vendor interoperability
    Network Security Threat: Low
    Applications: HVAC, Lighting, Door Access, Video Surveillance
    Commercial Governance: None
    Threats: Miscreants (aka students) causing havoc

Use case: High Occupancy; High Rise Buildings
    Network Security Threat: Medium
    Applications: Door Access, Video Surveillance, UL Smoke Control, Fire Secondary Reporting
    Commercial Governance: UL, ULC
    Threats: Device Authentication on specific devices only to assure automatic device control occurring only to specific devices.

Use case: White Rooms; Hospital ORs
    Network Security Threat: High
    Applications: Lighting, Door Access, Video Surveillance, UL Smoke Control, Fire Secondary Reporting, Primary Fire Reporting, Critical Environments
    Commercial Governance: UL, ULC, FDA
    Threats: Device Authentication on specific devices only to assure automatic device control and user access occurring only to specific devices.

Use case: Military; Homeland Security
    Network Security Threat: Very High
    Applications: HVAC, Lighting, Door Access, Video Surveillance, UL Smoke Control, Secondary Reporting, Primary Fire Reporting, Critical Environments
    Commercial Governance: UL, ULC, FDA, CoE
    Threats: Access onto the network at all times must be protected (i.e. joining). Security key definition must be protected from malicious surveillance of the network. Once authenticated onto the network, all data messages must be encrypted to ward against malicious intent.

NOTE: Typical PAN node count may include upwards of 120 devices made up of a mix of ZRs and ZEDs.
Allowed time to set up network security when:

Merging Commissioned
    15 minutes to allow once TC to acquiesce to the other TC. All device security should be the same. If on different PANs, allow 20 minutes for PAN
    10 minutes to merge once TC to acquiesce to the other TC established. The merge shall occur automatically without requiring the installer to visit each PAN device.

Increasing Security Policy
    A network should be able to monotonically increase its security policy. Devices in the PAN must detect the policy change and increase its policy across the network within 10 minutes.
    Not applicable since at the highest security level. Reducing security would defeat the application and would need to be a scheduled activity.

Installing Devices
    0 minute per device
    1 minute per device
    5 minutes per device requiring authentication, 1 minute for all other

Replacing Devices
    0 minute per device
    1 minute per device
    10 minutes per device requiring authentication, 1 minute for all other devices
    No devices can be added to the system unless authorized by the TC.

Installing Devices / Replacing Devices
    Devices will be out-of-band configured with the security policy. The TC will need to be manually configured to allow the device to join the network.
Allowed network disturbance while setting up network security:

Merging Commissioned Islands
    Devices on island being added will not be affected by the coalescence of the islands. Devices being moved can be affected while movement occurs
    The Commissioning device must be a trusted configured node on the network as are all other devices. Nodes already on the network cannot be deleteriously affected by the addition of the new nodes. Each device being added to the network must be manually added through user authentication at the

Increasing Security Policy
    All PAN Devices must be made aware of the impending policy change. No impact can occur on the network at this time. Once the change commences, devices on the PAN must support both policies temporarily until the TC explicitly tells the device to use the new policy. At that point, the old policy must be inactivated.
    Not applicable since at the highest security level. Reducing security would defeat the application and would need to be a scheduled activity.

Reverting to Commissioning Mode
    Not applicable since already at the 'out of the box' state.
    A PAN must be able to revert back to its commissioning state and its 'out of the box' security policy
    One device, multiple devices or all devices in the PAN must be made aware of the impending policy change. No impact can occur on the network at this time. Once the change commences, devices on the PAN must support both policies temporarily until the TC explicitly tells the device to use the new policy. At that point, the old policy must be inactivated.
    Not applicable, the network will always be in its operable security state. The commissioning tool must be added to the network and execute the same security policies as do all other nodes.

Commissioning Tool not available on-line / Trust Center fails
    System operates without effect. New devices can be added using existing default key either by off-band means or from operational Commissioning Tool
    System operates without effect. New devices can be added using existing key either by off-band means or from operational Commissioning Tool

Commissioning Tool not available on-line
    Devices can be added to the secure network by accessing the Trust Center

Trust Center fails
    System still operates. No new devices can be added until the TC is again operational. A report of the TC failure is forwarded to the user.
    System remains in 'secure join' mode. No device except the failed TC can be added to the network.
Allowed network disturbance while setting up network security (continued):

New Software Update
    Network Security feature unaffected by software download. Only the device currently being upgraded is affected. Device will get security info either through out-of-band means or TC.
    New software cannot be downloaded to the device until it authenticates the software and device. The system must continue to run unaffected.
    The downloading device must join the network. The downloading device must authenticate to each device being downloaded before the download commences. All existing security data is lost as the new software downloads. Once downloaded, the device must reestablish itself onto the network via a manual network join operation.

New Device Added
    ZED/ZR - no disruption of existing network
    ZED/ZR - Devices must be added on a schedule. The network may be down while they are added. Better though if it need not be

Failed Device Replaced
    ZED - associated ZR may be affected when ZED
    ZR - associated ZED(s) may be affected while ZR
    Remaining network not

New Device Added / Failed Device Replaced
    New devices may be manually authenticated to the network via a manual network join operation. Once joined, the device must obtain its security information in a secured manner.
