(10.04.2019, 22:01)Daniel. Wrote: LM always listen on ip even when tp is selected. Change multicast to make them invisible on ip.

(11.04.2019, 07:00)Kai-Roger Wrote: ".. but KNX is wired and physically safe from hackers."

(11.04.2019, 07:35)ferrim Wrote:

(11.04.2019, 07:00)Kai-Roger Wrote: ".. but KNX is wired and physically safe from hackers."

I'm not really sure about this...

(11.04.2019, 10:51)Daniel. Wrote: This is why in LM you can enable secure communication by adding password in KNX settings. You can disable normal communication too.

(11.04.2019, 11:28)ferrim Wrote: Care to explaine why your not sure?

---

Maybe we have different sensitivities on this topic but I think that considering physical connections as intrinsically safe is a mistake that can cost you a lot...
BR

(11.04.2019, 11:38)Kay-Roger Wrote: What i'm talking about, is that the KNX cables that are hidden in the walls an junction boxes in a locked house is definitively a much safer case, than the possibility that someone can sit in their car out on the street and hack my bus trafic via wifi and IP gateway. I'm sure you must understand that there is a huge difference regarding the safety in this setting.
Im not talking about the difference between encrypted bus trafic or not.
BR

(11.04.2019, 11:52)ferrim Wrote:

(11.04.2019, 11:38)Kay-Roger Wrote: What i'm talking about, is that the KNX cables that are hidden in the walls an junction boxes in a locked house is definitively a much safer case, than the possibility that someone can sit in their car out on the street and hack my bus trafic via wifi and IP gateway. I'm sure you must understand that there is a huge difference regarding the safety in this setting.
Im not talking about the difference between encrypted bus trafic or not.
BR

I agree, the problem remains when we talk about very large plants where vulnerabilities are greater and the attacker can be very motivated

(11.04.2019, 12:00)Kai-Roger Wrote: Yes in large facilities the safety measurements must be much higher. Maybe CanX with encrypted communication can be the solution in the near future (:

(11.04.2019, 14:26)Thomas Wrote: I'm curious so my question is: Is there an alternative bus which is:
- cryptographically strongly secured
- Two wires based with power available in these wires
- Reliable in noisy environment
- Routable
- Allows mixing of topology (I mean line, star etc)
- Non master/slave model oriented

(11.04.2019, 15:32)Erwin van der Zwart Wrote: True, but i work with KNX for 30 years now and still need to see the first TP hack..

So is it a hot item? In theory: yes (but that is already 30 years the case), in practice: not so sure..

BR,

Erwin

(12.04.2019, 05:53)Erwin van der Zwart Wrote: Hi,

This is my personal opinion and not from the company, off course is Schneider Electric implementing security where posssible, also KNX secure. In my opinion is security on the IP side a must, but implementing it on the TP side does raise some question marks if you ask me, we already see a lot older projects where the programming is not available anymore due to a lot of reasons.

Reconstructing a dated site happens quite a few times, what do you think will happen when sites have knx secure?

I personally think we see a lot more sites where reconstruction is needed due to lost encryption details that only the original programmer has.Devices with KNX secure that lost encryption details cannot be unlocked and need to be restored by the manufacturer.

As i never seen any local TP hack, and don’t see any (financial) benefit for any hacker to spend time on it or to even try it, i have question marks if it’s worth all the risks of locked systems.

But again my personal view is that the risk of someone with a laptop in the toilet connectiong to the TP is so low that does not weight up to the risks and issues when encryption details are lost..

BR,

Erwin