Answer

Apr 23, 2025 - 03:32 AM
To ensure the security of your Paxton AN1166-ZA Net2 system, Paxton recommends implementing the following network security recommendations:
1. Implement strong physical security: Use biometrics, token-based authentication, or other measures to prevent unauthorized access to your premises and corporate network.
2. Implement Network Access Control (NAC) standards: Use IEEE 802.1X authentication to enforce security policies and grant access only to compliant devices connected to LAN or WLAN. This standard recognizes users, their devices, and their network roles, controlling data access.
3. Implement next-generation firewalls: Use a firewall that performs application layer inspection, intrusion prevention and detection, and secures web traffic. Also, protect access from potentially insecure internal VLANs to trusted/secure VLANs using configurable security policies.
4. Implement VLANs for network security and segregation: Use VLANs to separate data packets from different networks within your corporate network. This reduces attack surfaces and prevents unauthorized access to devices on other VLANs.
5. Implement strong passwords for Net2 Server application authentication: Follow the instructions in application note AN1162 to set up strong passwords for the Net2 Server application and associated databases.
6. Have a dedicated machine for Net2 Server: Use a dedicated machine to run the Net2 server and avoid installing other software, except for necessary network monitoring tools. Restrict access to the physical Net2 server machine to authorized personnel only.
7. Ensure machine safety: Keep the server and client machines updated with the latest OS critical updates and have virus scanning protection on client machines. Install Net2 clients on machines without email/chat clients to avoid unintentional execution of malicious code via attachments.
8. Enable Net2 secure mode: For maximum security, consider running both the server and client software from the same machine and block the TCP SQL server port 1433 for inbound connections. This can be achieved by activating 'secure mode' using the Net2 security tab. Use the Net2Online service for client access away from the server machine, or use virtualized application software like VMware Horizon to distribute restricted Net2 client applications connected to a Net2 server on a separate LAN or VLAN.
9. Additional security steps: Implement MAC address filtering on the switch and entry port to disable the port and send an alert when an unrecognized device connects. Place all Paxton devices with IP capability on a dedicated VLAN and isolate this VLAN from the company network to restrict access to areas other than the access control devices.
Please refer to the Paxton AN1166-ZA Net2 Network Security Recommendations User Guide for more detailed information and instructions on implementing these security recommendations.
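One way to confirm that recommendation 8 has taken effect is to run a reachability check from a client machine on another LAN or VLAN and compare the result with the intended policy. This is an added example, not code from the answer or from Paxton's guide; the server address is a constructed placeholder, and the function names `probe` and `audit` are hypothetical.

```python
import socket

# Constructed placeholder (documentation address range): replace with the
# address of your own Net2 server before running.
NET2_SERVER = "192.0.2.10"
SQL_PORT = 1433  # TCP SQL Server port named in recommendation 8


def probe(host, port, timeout=2.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no reply)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and unreachable networks
        return "filtered"
    finally:
        s.close()


def audit(expectations, timeout=2.0):
    """Compare observed port states with the intended policy.

    expectations: list of (label, host, port, must_be_reachable).
    Returns the rows whose observed state contradicts the policy.
    """
    findings = []
    for label, host, port, must_be_reachable in expectations:
        state = probe(host, port, timeout)
        if (state == "open") != must_be_reachable:
            findings.append((label, host, port, state))
    return findings


if __name__ == "__main__":
    # With secure mode active, inbound 1433 should not be reachable
    # from any machine other than the server itself.
    policy = [("SQL Server inbound, secure mode on", NET2_SERVER, SQL_PORT, False)]
    violations = audit(policy)
    for label, host, port, state in violations:
        print(f"POLICY VIOLATION: {label}: {host}:{port} is {state}")
    if not violations:
        print("Port 1433 is not reachable from this machine, as intended.")
```

Run it once from the corporate VLAN and once from the access control VLAN, since a firewall or VLAN policy can give different results from each vantage point.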