dahua DHI-ASR1100B Waterproof RFID Access Reader User Manual
- June 3, 2024
- Dahua
Table of Contents
- dahua DHI-ASR1100B Waterproof RFID Access Reader User Manual
- 1 Overview
- 2 Device Structure
- 3 Device Installation
- 4 System Structure
- Appendix 1 Cybersecurity Recommendations
- 1. Use Strong Passwords
- 2. Update Firmware and Client Software in Time
- “Nice to have” recommendations to improve your device network security:
- 1. Physical Protection
- 2. Change Passwords Regularly
- 3. Set and Update Passwords Reset Information Timely
- 4. Enable Account Lock
- 5. Change Default HTTP and Other Service Ports
- 6.Enable HTTPS
- 7. MAC Address Binding
- 8. Assign Accounts and Privileges Reasonably
- 9. Disable Unnecessary Services and Choose Secure Modes
- 10. Audio and Video Encrypted Transmission
- 11. Secure Auditing
- 12. Network Log
- 13. Construct a Safe Network Environment
- Read More About This Manual & Download PDF:
- Read User Manual Online (PDF format)
- Download This Manual (PDF format)
dahua DHI-ASR1100B Waterproof RFID Access Reader User Manual
1 Overview
Reader, achieving video surveillance, is a complement to video monitoring,
visual talk products. It has simple appearance, powerful function, and is
suitable for advanced commercial building, company
property and smart community. Reader has abundant functions, including:
- Non-contact reader (read-only), within distance of 3cm~5cm, response time <0.3 s.
- Support Wiegand Protocol and RS485 protocol. RS485 baud rate is 9600 bps.
- Support watch dog.
- All connection ports have over load protection.
- IP67. Outdoor installation. Work temperature: -30℃~+60℃. Work humidity: ≤95 %.
- Buzzer and indicator prompt.
- Online upgrade.
- Advanced key management system, lowering risk of data theft or intelligent card duplicate.
2 Device Structure
The device’s structure and dimension are shown in Error! Reference source not
found.and Error!
Reference source not found.. Unit is mm.
3 Device Installation
Step 1. Fix rear cover’s self-tapping screw on wall.
Step 2. Hang front cover on hook on rear cover.
Step 3. Pull recessed screw throught hole at bottom, and lock front cover on
rear cover.
Step 4. Apply silica gel to gaps between the device and the wall. Liquid
sodium silicate is recommended.
4 System Structure
4.1 Wiring
Wiring of the device includes two groups of wires, as 8-pin and 3-pin.
| No. | Color | Port | Note | Protocol |
|---|---|---|---|---|
| 1 | Red | 12 V | 12 VDC | – |
| 2 | Black | GND | GND | – |
3
|
Blue
| ALARM_OUT| Wiegand Protocol vandal proof alarm output|
Wiegand Protocol
4| White| D1| Wiegand signal 1
5| Green| D0| Wiegand signal 0
6| Brown| LED/BELL_CTRL| Wiegand swipe card signal
7| Yellow| RS-485-| –| RS-485
protocol
8| Purple| RS-485+| –
4.2 Networking Diagram
Appendix 1 Cybersecurity Recommendations
**** Mandatory actions to be taken for basic device network security:
1. Use Strong Passwords
Please refer to the following suggestions to set passwords:
The length should not be less than 8 characters.
Include at least two types of characters; character types include upper and
lower case letters, numbers and symbols.
Do not contain the account name or the account name in reverse order. Do not
use continuous characters, such as 123, abc, etc.
Do not use overlapped characters, such as 111, aaa, etc.
2. Update Firmware and Client Software in Time
According to the standard procedure in Tech-industry, we recommend to keep
your device (such as NVR, DVR, IP camera, etc.) firmware up-to-date to ensure
the system is equipped with the latest security patches and fixes. When the
device is connected to the public network, it is recommended to enable the
“auto-check for updates” function to obtain timely information of firmware
updates released by the manufacturer.
We suggest that you download and use the latest version of client software.
“Nice to have” recommendations to improve your device network security:
1. Physical Protection
We suggest that you perform physical protection to device, especially storage devices. For example, place the device in a special computer room and cabinet, and implement well-done access control permission and key management to prevent unauthorized personnel from carrying out physical contacts such as damaging hardware, unauthorized connection of removable device (such as USB flash disk, serial port), etc.
2. Change Passwords Regularly
We suggest that you change passwords regularly to reduce the risk of being guessed or cracked.
3. Set and Update Passwords Reset Information Timely
The device supports password reset function. Please set up related information for password reset in time, including the end user’s mailbox and password protection questions. If the information changes, please modify it in time. When setting password protection questions, it is suggested not to use those that can be easily guessed.
4. Enable Account Lock
The account lock feature is enabled by default, and we recommend you to keep it on to guarantee the account security. If an attacker attempts to log in with the wrong password several times, the corresponding account and the source IP address will be locked.
5. Change Default HTTP and Other Service Ports
We suggest you to change default HTTP and other service ports into any set of numbers between 1024–65535, reducing the risk of outsiders being able to guess which ports you are using.
6.Enable HTTPS
We suggest you to enable HTTPS, so that you visit Web service through a secure communication channel.
7. MAC Address Binding
We recommend you to bind the IP and MAC address of the gateway to the device, thus reducing the risk of ARP spoofing.
8. Assign Accounts and Privileges Reasonably
According to business and management requirements, reasonably add users and assign a minimum set of permissions to them.
9. Disable Unnecessary Services and Choose Secure Modes
If not needed, it is recommended to turn off some services such as SNMP, SMTP,
UPnP, etc., to reduce risks.
If necessary, it is highly recommended that you use safe modes, including but
not limited to the following services:
SNMP: Choose SNMP v3, and set up strong encryption passwords and
authentication passwords.
SMTP: Choose TLS to access mailbox server. FTP: Choose SFTP, and set up strong
passwords.
AP hotspot: Choose WPA2-PSK encryption mode, and set up strong passwords.
10. Audio and Video Encrypted Transmission
If your audio and video data contents are very important or sensitive, we
recommend that you use encrypted transmission function, to reduce the risk of
audio and video data being stolen during transmission.
Reminder: encrypted transmission will cause some loss in transmission
efficiency.
11. Secure Auditing
- Check online users: we suggest that you check online users regularly to see if the device is logged in without authorization.
- Check device log: By viewing the logs, you can know the IP addresses that were used to log in to your devices and their key
12. Network Log
Due to the limited storage capacity of the device, the stored log is limited. If you need to save the log for a long time, it is recommended that you enable the network log function to ensure that the critical logs are synchronized to the network log server for tracing.
13. Construct a Safe Network Environment
In order to better ensure the safety of device and reduce potential cyber risks, we recommend:
- Disable the port mapping function of the router to avoid direct access to the intranet devices from external
- The network should be partitioned and isolated according to the actual network If there are no communication requirements between two sub networks, it is suggested to use VLAN, network GAP and other technologies to partition the network, so as to achieve the network isolation effect.
- Establish the 802.1x access authentication system to reduce the risk of unauthorized access to private networks.
- Enable IP/MAC address filtering function to limit the range of hosts allowed to access the device.