Hardening tips for interface modules - Synergis™ Softwire 10.11

Synergis™ Softwire Integration Guide 10.11

series
Synergis™ Softwire 10.11
revised_modified
2020-06-26

If system security is a priority for your organization, we recommend that you follow the hardening advice for interface modules.

This section only presents the hardening tips that apply to all interface modules. Manufacturer-specific hardening tips are tagged with Hardening in each manufacturer's respective integration topics. For hardening guidelines for the entire system, see the Security Center Hardening Guide.

Use the latest interface module firmware

Access control hardware manufacturers frequently update their products and fix security vulnerabilities with new firmwares. We continuously test the compatibility of the new firmwares published by third-party interface module manufacturers with Synergis™ Softwire. We publish the latest interface module firmwares, certified compatible with Synergis™ Softwire, as recommended firmwares in the respective Supported <third-party devices> topic of each manufacturer. For certain models of interface module, you can apply the recommended firmware from Synergis™ Appliance Portal. For more information, see Applying the recommended firmware to interface modules.

NOTE: Certification tracking of Synergis™-partner firmware is now done within the scope of Synergis™ Softwire 10.11. If a newly-discovered vulnerability is fixed in a more recent firmware than the one certified by us, then apply it using the manufacturer's software.

Never use default passwords

Many access control devices are shipped with their default administrative passwords. These passwords are not private nor secure. Change these passwords on each device's web page before enrolling them on your Synergis™ unit. The most secure way to change the passwords is to set up a separate network over which you can do this; ideally, this should be done over HTTPS.

Delete unused interface modules from your hardware configuration

Delete any unused interface modules from your Synergis™ appliance's hardware configuration. Certain interface modules can leave open ports that make your appliance vulnerable to attacks. You can delete the unused interface modules either from Synergis™ Appliance Portal or from Config Tool. For more information, see the topics corresponding to each interface module manufacturer.