KNXGuard – The security element
Order Code: 10 01 00
(previous Order Code: E001-H017003)
KEEPING INTRUDERS OUT – Locking your KNX system!
Imagine the following situation: A guest in a hotel enters his room, puts his luggage away, opens his laptop - and enters your EIB/KNX installation system by pressing a few keys. For any person that has ever worked with EIB/KNX, changing the parameter settings of your system is a simple task. Are you protected against such interference? – Probably not.
To prevent such incidents, b+b Automations- und Steuerungstechnik GmbH has developed the KNXGuard. It protects your KNX installation against attacks from unauthorised persons and against inadvertent or intentional reprogramming. As it does not occupy a physical address, the guard cannot be located in the ETS.
In order to parameterise a bus subscriber in an unprotected system, a point-to-point connection is established by means of physical telegrams. The subscriber is thus "opened" and can be reprogrammed without any restrictions. With the KNXGuard, this type of access is prevented.
As a result, communication by means of physical telegrams is not possible. Device monitoring at group address level remains however available without restrictions. To achieve 100% protection, each line should be equipped with a KNXGuard, as a KNXGuard installed in the backbone cannot prevent unauthorised access to a line at a lower level.
On request, the KNXGuard can be configured to generate a signal to an alarm group address as soon as an unauthorised attempt to access the system is detected.
Such attempts can be visualised and evaluated by means of a superimposed control system.
The KNXGuard model are equipped with an ACK component functionality. The same component thus helps reduce the bus load, as no unnecessary repeat telegrams are sent. The availability and functionality of the KNX bus is however not in any way impaired, and corrupted telegrams are still repeated.
Remark: The KNXGuard is delivered ex factory with the high security configuration.
To change this configuration an EIBDoktor EIBWeiche is required!
- Protects your EIB/KNX system from unwanted programming access
- Blocks all physical write telegrams
- Physical device monitoring possible
- Can be used as an ACK device
- EIB/KNX-2-wire connection
- Device readout still permitted but programming is prevented
- The device can be activated/deactived with the EIBDoktor to permit device programming
- The deactivation is secured by means of a PIN/RSA algorithm
- Housing for installation in flush-mounted socket
- No physical address needed
- Protects the EIB/KNX installation against reconfiguration
- Protects the EIB/KNX installation against reading
- No physical address occupied
Available KNXGuard models:
- KNXGuard "user defined":
This model can be parameterised/activated/deactivated via the bus with the EIBDoktor. For this purpose, the system communicates with RSA encryption via the KNX broadcast address 15/7/255. Logged telegrams cannot be used for replay attacks, as they contain an (encrypted) time stamp. Access to the KNXGuard is secured by verification of the serial number and a PIN.