IP security is to secure any communication on the IP backbone, this affects any coupler, interface and device connected to the IP backbone.
The focus is to protect KNX installations for any attack coming via IP, especially via internet and wireless connections.
These are the recommended IP-related measures to be taken before setting up IP security:
- Filter frames based on MAC addresses
- Do not use the default KNXnet/IP multicast address (220.127.116.11)
- Never expose IP ports used for KNX
- Set the default gateway of KNXnet/IP routers to 0
- Use firewalls
- For internet access: use VPN
- Closely check wireless access points
Data security is to secure the runtime communication between devices, regardless of the communication medium.
The focus is to keep the KNX installation up and running, to avoid any malfunction or unexpected bus/device behaviour, and to protect the privacy of the inhabitants.