In company-wide installation with multiple routers, controllers and Supervisor PCs, each piece of equipment needs to be physically secure. Make sure that no casual visitor has access to these pieces of equipment.
A firewall program running on the Supervisor computer is highly recommended. Initially, you should disable the firewall while configuring a new system. After configuration, remember to enable the firewall allowing access through PC ports as necessary.
All passwords and passphrases are case sensitive.
Best practice: When you receive a new controller, you may choose to power it up and verify that it is functional before placing it in stock ready to assign to a particular job. At this time, its passphrase and user credentials may be very generic. You should create stronger passphrases and passwords before installing the controller at a customer site.
Two aspects of communication are important: encryption, and server authentication. If either is compromised, your system becomes vulnerable to an external attack. This includes the Photo ID station, which runs Asure ID and EntsecAsureID software (the client). Without secure communication links, the remote controllers and EntsecAsureID will not connect to the system station.
PKI (Public Key Infrastructure), which uses certificates to verify server identity and encrypt data transmission, provides this secure link. If the station’s server certificate is signed by an external CA (Certificate Authority), such as Verisign and Thawte, EntsecAsureID should connect to a station without requiring additional configuration.
If, instead of using an external CA, you are your own CA, you use your root certificate to sign each station’s server certificate and import it into the station’s User Key Store. Then you import your root CA certificate into each station’s Windows trust store.
Secure communication is configured with admin privileges using
In