DIGITAL YACHT N2K Protect V1.04 Intrusion Detection System Instruction Manual
- June 1, 2024
- DIGITAL YACHT
Table of Contents
N2K Protect V1.04 Intrusion Detection System
IMPORTANT NOTE
Your N2K Protect has a WiFi network name “N2KProtect-xxxx” where xxxx is your
unique 4 digit code. The default Password = “PASS-xxxx”, where xxxx is the
same unique four-digit code at the end of the WiFi network name.
To access the web interface, http://192.168.1.1 or http://n2kprotect.local
N2K PROTECT
NMEA 2000 INTRUSION
DETECTION SYSTEM
Version 1.04
Tel: 01179 554 474
www.digitalyacht.co.uk
PRODUCT HANDBOOK
Introduction
Congratulations on the purchase of your N2K Protect NMEA 2000 Intrusion Detection System. In addition to this quick start guide, we recommend watching our N2K Protect video, simply scan the QR code to be taken to our YouTube video…. https://www.youtube.com/watch?v=gyVuXdKWPOA
This product is designed for use by Technical Dealers and Installers with knowledge/experience of NMEA 2000, Digital Yacht cannot provide technical support or training on NMEA 2000 networking.
Before you start
To use your N2K Protect you will need:
- A wireless device with web browser i.e. Smart Phone, Tablet or Laptop
- A spare “T-Piece” connection on a working/powered NMEA 2000 network.
Installation
The N2K Protect is IP54 rated (water resistant) and care should be taken when
operating it, to ensure it is not submerged in water.
3.1 – Connecting to NMEA 2000 Network
- Connect the N2K Protect cable, to a spare connector on the NMEA2000 network.
- N2K Protect takes its power (LEN=2) from the NMEA2000 network so no additional connections are necessary.
- If you are connecting N2K Protect to a non-standard NMEA2000 network, then a suitable adaptor cable will need to be sourced from the relevant manufacturer;
SeaTalkNG (Raymarine P/No A06045)
Simnet (Simrad P/No 24006199)
3.2 – Mounting and Location
- Install N2K Protect to a flat bulkhead using suitable fixings (not supplied)
- N2K Protect can be installed in any orientation.
- A location should be chosen for best WiFi performance, where its internal buzzer can be heard and where it cannot easily be tampered with.
3.3 – Powering N2K Protect
- Apply power to the NMEA 2000 network, the N2K Protect LEDs will illuminate in sequence, from left to right, and then they should behave, as per Table 1…
Condition| STATUS LED (Green)| DATA IN LED (Yellow)| ERROR
LED (Red)| ALERTS LED (Yellow)| LINK LED (Green)
---|---|---|---|---|---
ON (Solid)| Wi-Fi STA Mode Connected| | N2K Network Down| N2K Issues Alert
State| Web Connection
Flashing| Wi-Fi AP-Mode Active| Data Received| N2K Issues High Risk| N2K
Issues Low Risk|
OFF| Wi-Fi STA Mode Disconnected*| No Data From N2K| All OK| All OK| No Web
Connection
Table 1
-
Note – Short flash every 2 seconds indicates N2K Protect cannot connect in STA Mode, check wireless network is visible and password is correct.
3.4 – Setting up the Wireless Network- By default, N2K Protect’ creates a wireless network (Access Point), with Name (SSID) = “N2KProtect-xxxx” and Password = “PASS-xxxx”, where xxxx is a fourdigit code, unique to your device.
- To connect to N2K Protect you need to scan for wireless networks, find it, select it and then enter the default password when prompted.
- As soon as a wireless connection is established, the Status LED will stop flashing and stay permanently ON, whilst a wireless device is connected.
- N2K Protect is not a router/gateway, so when connected to it, you will not have an internet connection. Some operating system; Windows, iOS, Android, etc. may display “No Internet”, which is normal and not a cause for concern.
3.5 – Accessing the Web Interface
- The N2K Protect has a built-in web interface, consisting of a series of pages that provide key information on the status of the NMEA 2000 network.
- A wireless device, connected to N2K Protect, can access its web interface in a browser at http://192.168.1.1 or http://n2kprotect.local which should bring up the N2K Protect home page as shown in Figure 1.
3.6 – Status “Dashboard” Page
-
To display the current status of your NMEA 2000 network, click on the STATUS button on the home page and you will see a page similar to Fig 2.
-
On this page will are a series of key indicators that provide a good indication of how well your NMEA 2000 network is performing. If the real time tests are running and no threats are detected, then a green pulsing Padlock icon will be displayed. If there is a static Yellow (low risk issues detected) or a solid Red (high risk issues detected) Padlock icon shown then your NMEA 2000 network needs some immediate attention.
-
Other indicators include (see Fig 3);
1. Bus Load % – indicates how much data is on the network
2. Real Time Test Status – series of Ticks and Crosses
3. Number of Devices on Network
4. Bus Errors – excessive errors reduce performance
5. Global ISO Request Count – use of this PGN is discouraged
6. RCA Group Function Count – used to control other devices
7. Proprietary PGN Count – should be < 3% of network traffic -
At the bottom of the Status page is a logging window where any test failures or security alerts are displayed. The Log can be Cleared or Saved (Downloaded) by clicking the two buttons below the window.
3.7 – Devices Page
- To display a list of all devices on the network, click on the Devices icon/button and you should see a page, similar to Figure 4.
- To access additional Product and/or Configuration information about a specific device, click the “Eye” icon at the end of its row.
- The green heart icon indicates that a device is active (transmitting PGNs) on the network – click the green heart icon to display the PGNs it is transmitting.
3.8 – PGNS Page
- To display all the PGNs being received, click on the PGNS icon/button and the table in Figure 5 will be displayed.
- To view specific PGN data, click on the “Info” icon on that PGN’s row.
3.8 – View Data Page
- To display and log the raw NMEA 2000 data being received, click on the View Data icon/button and the page in Figure 6 will be displayed.
3.9 – Install Page
- N2K Protect provides a series of tests and tools for the marine electronics installer. To access them, click on the Install button of the home page and a similar screen to Figure 7 will be displayed.
- One of the prime functions of the N2K Protect is to allow an Installer to test and validate the NMEA 2000 Network as part of their installation and commissioning process.
- The Device Certification Tests identify the devices on the network that are in the NMEA 2000 Certified Products database – maintained by the NMEA organization.
- The Network Topography Tests identify duplicate devices that have not had their Device Instance correctly set, devices that are sending out duplicate PGNs and data sources whose priority is wrong.
- The Device Configuration Tools allow the Installer to set the two text fields in a device’s Configuration Info PGN, change a device’s Device Instance or command a device to have a particular CAN address.
- The Miscellaneous Tests identify devices that are outputting important navigational PGNs with “no data” in key fields, extract the Firmware Versions of all devices on the network and add up the total LEN values of the physical devices on the network.
- The final tool at the bottom of the Install page, CANShot™ is a key function of N2K Protect and is covered in detail in section 3.10.
3.10 – Creating the CANShot™ and securing N2K Protect
- N2K Protect is designed to monitor and protect the NMEA 2000 network 24/7, by constantly checking that the devices and data on the network are the same as when the network was installed and commissioned.
- After the Installer has finished commissioning the NMEA 2000 network and whilst all of the network devices are turned on and working normally, the Network Snapshot tool should be run.
- CANShot™ scans every device on the network, creating a network index file which can be downloaded for the Installer’s records and also stored in N2K Protect. This snapshot is then used in the Realtime tests to constantly check for “unknown” new devices or unusual, potentially malicious behaviour.
- When you start the CANShot™ you are asked if you wish to “lock down” N2K Protect by creating a “Super User” password (see Figure 8). This ensures that only someone with the Super User password can make changes to the NMEA 2000 network.
- It is only possible to take future, new CANShots™ by first entering the Super User password, so it is very important that this password not lost or forgotten. If this happens contact support@digitalyacht.co.uk.
- If you click NO, then the CANShot™ will be taken as normal, but anyone can take a subsequent CANShot™ without entering a password. This is fine when familiarising yourself with the process but we strongly recommended securing N2K Protect with a Super User password once the testing and commissioning of the network has been completed.
- The time that it takes for a CANShot™ to be taken, depends upon the size of the network. A status bar is displayed showing the progress.
- Once completed, a “success” pop-up will be displayed and the CANShot™ will be stored in the N2K Protect’s secure memory. The Installer can download a copy of the CANShot™ by clicking the “Save CSV File” button.
- N2K Protect will now start monitoring and protecting the NMEA 2000 network.
Settings
By default, N2K Protect creates a wireless network (Access Point), with Name
(SSID) = “N2KProtect-xxxx” and Password = “PASS-xxxx”, where xxxx is a four
digit code, unique to your device – see example in Figure 10. As N2KProtect is a security device, we
strongly recommend that you change the default wireless Password and/or the
SSID (network name). Even though these are unique to you, anyone can read the
online copy of this manual and work out what your password is once then can
scan and see your wireless network.
It is much more secure to make N2KProtect join the vessel’s main wireless
network, particularly if it is protected with the latest WPA3 encryption. To
do this, from the Home page, click on the Settings icon/button and in the
Network Settings section at the top of the page change WiFi Mode to STA, see
Figure 11.Click the Scan button
to scan for available wireless networks, select the network you want to join
from the drop-down list, enter the wireless password and click the Update
Settings button.
N2K Protect will now display a window saying that the Wi-Fi settings have been
changed and the unit will now reboot. On rebooting it will try to join the
selected wireless network and if successful the Status LED will stop flashing
a few seconds after booting up and stay permanently ON.
If the Status LED is OFF with a short flash every two seconds, then N2K
Protect has failed to connect to the selected network. Wait 30-45secs for N2K
Protect to revert to AP mode or press and hold the reset button for >10secs
for a factory reset.
Also, on the Settings page is the Gateway firmware version – see Figure 12.
Updates to the firmware can be done via the web interface. It is expected that
there will be numerous and frequent updates for N2K Protect. Please regularly
monitor the dedicated https://n2kprotect.com website that we have setup for
N2K Protect.This Quick Start Manual
just covers the very basic operation of N2K Protect and a more detailed
description is given in the training video at…
https://www.youtube.com/watch?v=gyVuXdKWPOA