Security Recommendations
To enhance the security of your controller, consider the following best practices:
- Network security:
  - Set up network security at an appropriate level.
  - Ensure that your controller is part of a secure network with limited access.
  - If the controller is connected to the Internet, using either a VPN or HTTPS communication is strongly recommended.
- Secure protocol access:
  - Use the secure protocol HTTPS://IP:Port to access your controller.
- Security measures:
  - Evaluate the security capabilities of other network elements, such as firewalls and protection against viruses and malware threats.
  - Store backup files in a safe location inaccessible to unauthorized individuals.
- Public IP address:
  - Verify that your controller does not have a publicly accessible IP address.
  - Avoid using port forwarding to access your controller from the public Internet.
- Network segmentation:
  - Place your controller on its own network segment.
  - If your router supports a guest network or VLAN, consider placing the controller there.
- Cybersecurity incidents and vulnerabilities:
  - Report any cybersecurity incidents or vulnerabilities through this page: https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp.
- HTTP communication warning:
  - If HTTP communication is detected, switch to HTTPS (encrypted mode).
  - Note that your controller comes with a self-signed SSL certificate, which encrypts information. Web browsers may display a warning message and ask you to confirm an exception before proceeding.
- KNX installation security:
  - When accessing the KNX installation via the Internet, be aware that data traffic can be read by third parties.
  - Always use a VPN connection with secure encryption for all data packets.
  - Hardware requirements for VPN routers and features offered by mobile service providers may vary significantly.

For additional details on system hardening, refer to Schneider Electric’s document: System Hardening Guidelines for Wiser for KNX and spaceLYnk Controllers.
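
The HTTPS, public-address and self-signed-certificate recommendations above can be checked with a small script. This is an added example, not Schneider Electric code: the function names, the sample address and the idea of comparing the certificate against a SHA-256 fingerprint recorded at commissioning are assumptions made for illustration.

```python
import hashlib
import ipaddress
import socket
import ssl
from urllib.parse import urlsplit


def cert_fingerprint(der):
    """SHA-256 of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def fetch_cert_der(host, port=443, timeout=5.0):
    """Read the certificate the controller presents. Chain validation is
    skipped only because it is self-signed; trust comes from the pin check."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def audit_controller(url, pinned_fp, presented_der=None):
    """Return findings for one controller URL; an empty list means OK."""
    findings = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    https = parts.scheme.lower() == "https"
    if not https:
        findings.append("plain HTTP in use: switch to HTTPS")
    try:
        if ipaddress.ip_address(host).is_global:
            findings.append("controller address is publicly routable")
    except ValueError:
        findings.append("host is a name, not an IP: check what it resolves to")
    if https:
        if presented_der is None:  # live check; needs network access
            presented_der = fetch_cert_der(host, parts.port or 443)
        if cert_fingerprint(presented_der) != pinned_fp.lower().replace(":", ""):
            findings.append("certificate fingerprint differs from pinned value")
    return findings


if __name__ == "__main__":
    der = b"constructed stand-in for the controller's DER certificate"
    pin = cert_fingerprint(der)  # in practice, recorded at commissioning
    for url in ("https://192.168.10.20", "http://192.168.10.20"):
        print(url, audit_controller(url, pin, der))
```

Omitting the third argument makes `audit_controller` fetch the certificate from the controller itself, so a changed fingerprint is reported instead of being accepted through a browser exception.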