Introduction

This guide has been designed for use by operators and engineering personnel of customers who utilize the Searching Excel Plus & Edge system. It is intended for use when planning the configuration and maintenance of the network infrastructure in which the Searching Excel Plus & Edge system exists. It provides information supporting identification and mitigation of security risks associated with the day to day use of the system in connected IT infrastructures.

Scope

This document applies to the Searching Excel Plus & Edge system, to associated mobile application and device, and to wireless data transfer.

Revision history
RevisionCommentDate
Issue 1ECO A05530September 2021
Assumptions and pre-requisites

This guide assumes a high degree of technical knowledge and familiarity with:

  • Management through mobile application
  • Networking systems and concepts
  • Security issues and concepts
Related documents

This guide should be read in conjunction with the following documents:

DocumentPart Number
Searching Excel Plus & Edge Technical Manual2017M1220
Security controls

Searching Excel Plus & Edge system has a number of built in security controls. These include:

  • Limitation of access to designated users
  • Password protection of user accounts
  • Device certificate
  • User certificate
Additional user control

This guide focuses on additional security controls that should be implemented by users.

Further information

Contact your Honeywell representative if you need more information on securing the Searching Excel Plus & Edge system.

IT System architecture

Honeywell-2017M1250-Searchline-Excel-Plus-Open-Path-Flammable-Gas-Detector-01

Searching Excel Plus & Edge can be configured using Bluetooth connection, HART or MODBUS communications.
See the communications diagram below.

Wireless connections

The Searching Excel Plus & Edge utilizes Bluetooth wireless connection, single user permitted.

Physical and local connections

The Searching Excel Plus & Edge utilizes HART and MODBUS communications.

Threats

Security threats applicable to networked systems include:

  • Unauthorized access
  • Communications snooping
  • Viruses and other malicious software agents
Unauthorized access

This threat includes physical access to Searching Excel Plus & Edge and intrusion into the network to which the Searching Excel Plus & Edge system is connected, from the business network.
Unauthorized external access can result in:

  • Loss of system availability
  • Incorrect execution of controls causing damage to the facility, incorrect operation, or spurious alarms
  • Theft or damage of its contents
  • The capture, modification, or deletion of data
  • Loss of reputation if the external access becomes public knowledge
    Unauthorized access to the system can result from:
  • Lack of security of user name and password credentials
  • Uncontrolled access to the detector
  • Uncontrolled access to the network and network traffic

Communications snooping
This threat includes snooping on or tampering with Bluetooth port while the port is enabled, by means of man-in-the-middle, packet replay or similar methods. Tampering with the communication link can result in:

  • Loss of system availability
  • Incorrect configuration and so incorrect execution of the Searching Excel Plus & Edge safety function
  • The capture, modification, or deletion of data

The configuration port is open when Searching Excel Plus & Edge unit is in use. The configuration port can only be opened by users having wireless access to the controller and suitable login credentials. The configuration port is time limited and cannot be left open when not in use.

Viruses and other malicious software agents

This threat encompasses malicious software agents such as viruses, spyware (trojans), and worms. These may be present:

  • On a mobile device which is used for setup and configuration
  • If the connected mobile device’s software has been changed to enable capabilities that might not otherwise be present (rooted). The intrusion of malicious software agents can result in:
  • Performance degradation
  • Loss of system availability
  • Capture, modification, or deletion of data, including configuration data and device logs

Viruses can be transmitted by media such as USB memory devices and SD cards, from other infected systems on the network, and from infected or malicious Internet sites.

Mitigation strategies

The following mitigation strategies should be followed.

Searchline Excel Plus & Edge system
Monitor system access

In addition to the security controls, Searchline Excel Plus & Edge has the following facility which can be used to identify unexpected configuration changes:

  • Event History and Log

All user logins and system operations are recorded in the event log and may be viewed on the event history screen or by generating an event report. Use the Searchline Excel Plus & Edge Mobile App to access Event History and Log. The above should be routinely monitored and verified as part of system maintenance.

User access and passwords

Searchline Excel Plus & Edge recognizes only one level of users. Users have unique usernames and passwords. Each device is PIN protected. Observe the following good practice:

  • Ensure physical security of passwords. Avoid writing user names and passwords where they can be seen by unauthorised personnel.
  • Create a separate user name and password for each user. Avoid sharing of user names and passwords among multiple users.
  • Ensure that users only log in using their own credentials.
  • Periodically audit user accounts and remove any that are no longer required.
  • Ensure that passwords and user credentials are regularly changed.
  • Administer user name and password through Searchline Excel Plus & Edge Mobile App.
Software and unusual operation

If Searchline Excel Plus & Edge Mobile App becomes unresponsive, shut it down and relaunch.

Memory media

Observe the following good practice when using mobile device equipped with removable SD card:

  • Use only authorized removable media that has been scanned and checked for viruses and malware using up-to-date anti-virus software.
  • Ensure that memory media used is not used for other purposes, to avoid risk of infection.
  • Control access to media containing backups, to avoid risk of tampering.
Access

Good security practices should be observed on devices to which Searchline Excel Plus & Edge may be connected. See below.

Operating Software

Operating systems and browsers should be kept up to date by installing the manufacturer’s updates.

User Access and Passwords

Good password security practices should be followed.

  • Require the use of strong passwords and user account controls.
  • Ensure physical security of passwords. Avoid writing user names and passwords where they can be seen by unauthorized personnel. Searchline Excel Plus & Edge Mobile Application should not be left unattended when a configuration session is open. Access should be restricted to authorized users.
Synch with server

Searchline Excel Plus & Edge Mobile Application shall be connected to server at least once a year to refresh the detector certificate registration.

Access PIN, Activation Key

Prior to using Searchline Excel Plus & Edge Mobile App you will receive Access PIN and Activation Key. Basic security measures should be taken.

  • Do not share Access PIN or Activation Key with unauthorized personnel.
  • Do not write down or record Access PIN or Activation Key.

Find out more
www.sps.honeywell.com

Contact Honeywell Analytics:
Europe, Middle East, Africa
Life Safety Distribution GmbH Tel: 00800 333 222 44 (Freephone no.) Tel: +41 (0)44 943 4380 (Alternative no.) Middle East Tel: +971 4 450 5800 (Fixed Gas Detection) Middle East Tel: +971 4 450 5852 (Portable Gas Detection) gasdetection@honeywell.com

Americas
Honeywell Analytics Distribution Inc. Tel: +1 847 955 8200 Toll free: +1 800 538 0363 detectgas@honeywell.com

Asia Pacific
Honeywell Analytics Asia Pacific Tel: +82 (0) 2 6909 0300 India Tel: +91 124 4752700 China Tel: +86 10 5885 8788-3000 analytics.ap@honeywell.com

Technical Services
EMEA: HAexpert@honeywell.com US: ha.us.service@honeywell.com AP: ha.ap.service@honeywell.com  www.sps.honeywell.com

Documents / Resources

Honeywell 2017M1250 Searchline Excel Plus Open Path Flammable Gas Detector [pdf] User Guide
2017M1250 Searchline Excel Plus Open Path Flammable Gas Detector, 2017M1250, Searchline Excel Plus Open Path Flammable Gas Detector, Flammable Gas Detector, Gas Detector, Detector

Read more: https://manuals.plus/honeywell/2017m1250-searchline-excel-plus-open-path-flammable-gas-detector-manual#ixzz7edBnLCiV

Leave a comment

Your email address will not be published.