Hardening tips for interface modules - Synergis Softwire 11.5.3

This section lists general hardening tips for all interface modules. Manufacturer-specific hardening tips are tagged with Hardening in each manufacturer's respective integration topics. For hardening guidelines for the entire system, see the Security Center Hardening Guide.

Use the latest interface module firmware

Access control hardware manufacturers frequently update their products and fix security vulnerabilities with new firmware. We continuously test the compatibility of the new firmware published by third-party manufacturers with Synergis™ Softwire. In this guide, the latest firmware that is certified compatible with Synergis Softwire is listed as recommended firmware.

For more information about upgrading firmware in the Synergis Appliance Portal, see Upgrading interface module firmware through the Synergis Appliance Portal.

Never use default passwords

Many access control devices are shipped with their default administrative passwords. These passwords aren’t private or secure. Change these passwords on each device's web page before enrolling them on your Synergis™ unit. The most secure way to change passwords is to configure a separate network, ideally over HTTPS.

Delete unused interface modules from your hardware configuration

Delete any unused interface modules from your Synergis appliance's hardware configuration. Certain interface modules can leave open ports that make your appliance vulnerable to attacks. You can delete the unused interface modules either from the Synergis Appliance Portal or from Config Tool. For more information, see the topics corresponding to each interface module manufacturer.

Enable DESFire EV2 secure communication

If you have STid SSCP or OSDP transparent readers in your system, enable the DESFire EV2 secure communication on all your workstations and Synergis units. For more information, see Enabling DESFire EV2 secure messaging.