Disclaimer

In no event shall Honeywell be liable for any damages or injury of any nature or kind, no matter how caused, that arise from the use of the equipment referred to in this manual.
Strict compliance with the safety procedures set out and referred to in this manual, and extreme care in the use of the equipment, are essential to avoid or minimize the chance of personal injury or damage to the equipment.
The information, figures, illustrations, tables, specifications, and schematics contained in this manual are believed to be correct and accurate as of the date of publication or revision. However, no representation or warranty with respect to such correctness or accuracy is given or implied and Honeywell will not, under any circumstances, be liable to any person or corporation for any loss or damages incurred in connection with the use of this manual.
The information, figures, illustrations, tables, specifications, and schematics contained in this manual are subject to change without notice.
Unauthorized modifications to the gas detection system or its installation are not permitted, as these may give rise to unacceptable health and safety hazards.
Any software forming part of this equipment should be used only for the purposes for which Honeywell supplied it. The user shall undertake no changes, modifications, conversions, translations into another computer language, or copies (except for a necessary backup copy).
In no event shall Honeywell be liable for any equipment malfunction or damages whatsoever, including (without limitation) incidental, direct, indirect, special, and consequential damages, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss, resulting from any violation of the aboveprohibitions.
Warranty
Honeywell Analytics warrants the Searchzone Sonik Ultrasonic Gas Leak Detector against defective parts and workmanship and will repair or (at its option) replace any instruments which are or may become defective under proper use within 36 months from the date of shipment from Honeywell Analytics. This warranty does not cover consumable items, normal wear, and tear, or damage caused by accident, abuse, improper installation, poisons, contaminants, or abnormal operating conditions. Under no circumstances shall Honeywell Analytics’ liability exceed the original purchase price paid by the buyer for the product. Any claim under the Honeywell Analytics Product Warranty must be made within the warranty period and as soon as reasonably possible after a defect is discovered. In the event of a warranty claim please contact your local Honeywell Analytics Service representative.
This is a summary, for full warranty terms please refer to the Honeywell “General Statement of Limited Product Warranty” available upon request.
Copyright Notice
Bluetooth®, AndroidTM, HART®, and MODBUS® are registered trademarks.
Other brand and product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and are the sole property of their respective holders.
Honeywell is the registered trademark of Honeywell International Inc.
The Searchzone SonikTM is a registered trademark of Honeywell.
Find out more at www.sps.honeywell.com

Introduction

This guide has been designed for use by operators and engineering personnel of customers who utilize the Searchzone Sonik system. It is intended for use when planning the configuration and maintenance of the network infrastructure in which the Searchzone Sonik system exists. It provides information supporting identification and mitigation of security risks associated with the day-to-day use of the system in connected IT infrastructures.
1.1Scope
This document applies to the Searchzone Sonik system, to associated mobile applications and devices, and to wireless data transfer.
1.2Revision history

RevisionCommentDate
Issue 1 ECO A05126Jul-18
Issue 2 ECO A05425Feb-21

1.3Assumptions and pre-requisites
This guide assumes a high degree of technical knowledge and familiarity with:

  • Management through mobile application
  • Networking systems and concepts · Security issues and concepts

1.4 Related documents
This guide should be read in conjunction with the following documents:
Document Searchzone Sonik.……………………………….. Technical Manual
Part Number ………………………………………………..2331M1220
1.5 Security controls
Search zone Sonik system has a number of built-in security controls. These include: · Limitation of access to designated users · Password protection of user accounts · Device certificate · User certificate
1.5.1Additional user control
This guide focuses on additional security controls that should be implemented by users.
1.5.2Further information
Contact your Honeywell representative if you need more information on securing the Searchzone Sonik system.

IT System architecture

Honeywell SZSK SMGXX Searchzone Sonik Acoustic Gas Leak Detector - fig

Search zone Sonik can be configured using Bluetooth connection, HART or MODBUS communications. See the communications diagram below.
Searchzone Sonik Mobile App

2.1 Wireless connections
Search zone Sonik utilizes Bluetooth wireless connection, single-user permitted.
2.2 Physical and local connections
Search zone Sonik utilizes HART and MODBUS communications.

Threats

Security threats applicable to networked systems include:

  • Unauthorized access
  • Communications snooping
  • Viruses and other malicious software agents

3.1 Unauthorized access
This threat includes physical access to Searchzone Sonik and intrusion into the network to which Searchzone Sonik system is connected, from the business network. Unauthorized external access can result in:

  • Loss of system availability
  • Incorrect execution of controls causing damage to the facility, incorrect operation, or spurious alarms
  • Theft or damage of its contents
  • The capture, modification, or deletion of data
  • Loss of reputation if the external access becomes public knowledge
  • Unauthorised access to the system can result from
  • Lack of security of user name and password credentials
  • Uncontrolled access to the detector
  • Uncontrolled access to the network and network traffic

3.2 Communications snooping
This threat includes snooping on or tampering with the Bluetooth port while the port is enabled, by means of man-in-the-middle, packet replay or similar methods. Tampering with the communication link can result in

  • Loss of system availability
  • Incorrect configuration and so incorrect execution of the Searchzone Sonik safety function
  • The capture, modification, or deletion of data

The configuration port is open when the Searchzone Sonik unit is in use. The configuration port can only be opened by users having wireless access to the controller and suitable login credentials. The configuration port is time-limited and cannot be left open when not in use.

3.3 Viruses and other malicious software agents
This threat encompasses malicious software agents such as viruses, spyware (trojans), and worms. These may be present:

  • On a mobile device that is used for setup and configuration
  • If the connected mobile device’s software has been changed to enable capabilities that might not otherwise be present (rooted). The intrusion of malicious software agents can result in:
  •  Performance degradation
  • Loss of system availability
  • Capture, modify, or deletion of data, including configuration data and device logs

Viruses can be transmitted by media such as USB memory devices and SD cards, from other infected systems on the network, and from infected or malicious Internet sites.

Mitigation strategies

The following mitigation strategies should be followed.
4.1Searchzone Sonik system
4.1.1Monitor system access
In addition to the security controls, Searchzone Sonik has the following facility which can be used to identify unexpected configuration changes:

  • Event History and Log

All user logins and system operations are recorded in the event log and may be viewed on the event history screen or by generating an event report. Use Searchzone Sonik Mobile App to access Event History and Log. The above should be routinely monitored and verified as part of system maintenance.
4.1.2User access and passwords

Search zone Sonik recognizes only one level of users. Users have unique usernames and passwords. Each device is PIN protected. Observe the following good practice:

  • Ensure physical security of passwords. Avoid writing user names and passwords where they can be seen by unauthorized personnel.
  • Create a separate user name and password for each user. Avoid sharing of user names and passwords among multiple users.
  • Ensure that users only log in using their own credentials.
  • Periodically audit user accounts and remove any that are no longer required.
  • Ensure that passwords and user credentials are regularly changed.
  • Administer user name and password through Searchzone Sonik Mobile App.

4.1.3 Software and unusual operation
If Searchzone Sonik Mobile App becomes unresponsive, shut it down and relaunch.
4.1.4Memory media
Observe the following good practice when using a mobile device equipped with a removable SD card:

  • Use only authorized removable media that has been scanned and checked for viruses and malware using up to date anti-virus software.
  • Ensure that memory media used is not used for other purposes, to avoid the risk of infection.
  • Control access to media containing backups, to avoid the risk of tampering.

4.2 Access
Good security practices should be observed on devices to which Searchzone Sonik may be connected. See below.
4.2.1 Operating Software
Operating systems and browsers should be kept up to date by installing the manufacturer’s updates.
4.2.2 User Access and Passwords
Good password security practices should be followed.

  • Require the use of strong passwords and user account controls.
  • Ensure physical security of passwords. Avoid writing user names and passwords where they can be seen by unauthorized personnel.

Search zone Sonik Mobile Application should not be left unattended when a configuration session is open. Access should be restricted to authorized users.

4.2.3 Synch with server
Search zone Sonik Mobile Application shall be connected to the server at least once a year to refresh the detector certificate registration.
4.2.4 Access PIN, Activation Key
Prior to using Searchzone Sonik Mobile App, you will receive Access PIN and Activation Key. Basic security measures should be taken.

  • Do not share Access PIN or Activation Key with unauthorized personnel.
  • Do not write down or record Access PIN or Activation Key.

Find out more at www.sps.honeywell.com
Contact Honeywell:
Europe, Middle East, Africa, India
Life Safety Distribution GmbH
Javastrasse 2
8604 Hegnau Switzerland
Tel: +41 (0)44 943 4300
Fax: +41 (0)44 943 4398
India Tel: +91 124 4752700
gasdetection@honeywell.com
Americas
Honeywell Analytics Inc.
405 Barclay Blvd. Lincolnshire,
IL 60069
USA Tel: +1 847 955 8200
Toll free: +1 800 538 0363
Fax: +1 847 955 8210
detectgas@honeywell.com
Asia Pacific
Honeywell Analytics Asia Pacific
7F Sangam IT Tower, 434
Worldcup Buk-ro, Mapo-gu,
Seoul 03922 Korea
Tel: +82-2-69090300
Fax: +82-2-69090328
analytics.ap@honeywell.com
Technical Services
EMEA: HAexpert@honeywell.com
US: HA.us.service@honeywell.com

Please Note:
While every effort has been made to ensure accuracy in this publication, no responsibility can be accepted for errors or omissions. Data may change, as well as legislation and you are strongly advised to obtain copies of the most recently issued regulations, standards and guidelines. This publication is not intended to form the basis of a contract.

02/2021
2331M1230 Issue 2
© 2021 Honeywell Analytics

Documents / Resources

Honeywell SZSK-SMGXX Searchzone Sonik Acoustic Gas Leak Detector [pdf] User Guide
SZSK-SMGXX Searchzone Sonik Acoustic Gas Leak Detector, SZSK-SMGXX, Searchzone Sonik Acoustic Gas Leak Detector

References

Leave a comment

Your email address will not be published. Required fields are marked *