K-Link: Security Information
Network Security
Many Building Automation Systems (BAS) have a dedicated VLAN, kept from the rest of their network for security reasons. The K-Link is designed to work with these systems to preserve security and create a secure means of connecting.
Even if your BAS doesn’t have a dedicated VLAN, the K-Link is a push device that sends GET and PUSH requests to our REST API using SSL. It has all the precompiled code to connect to your BAS and does not need additional access or privileges to your LAN outside of an IP address.
CopperTree Analytics’ devices are typically configured with limited specific outbound ports and restricted to the domains listed in this document. Furthermore, internet access is limited to the IP addresses of applicable BAS controllers or front ends when connected to an internal network.
Passwords & System Security
We do not keep any passwords or information about your networks within the API. Some BAS connections require a username and password. The permissions are configured during setup and are stored securely (encrypted) on the local device. We do not store passwords in the API, and passwords are not accessible externally.
For some types of networks and BAS vendors, the K-Link device requires a read-only account and password for the BAS.
Device Security
CopperTree Analytics’ devices use SSL POST and GET requests to the CopperTree Analytics REST API. The requests are used for software updates, and to define data being pushed and stored.
Additional Security
CopperTree Analytics’ architects can be available for discussions or concerns around security. Additional security measures can be put in place as required.