Security notes for LogicMachine

Please follow these points to make your installation secure:

1. Do not use port forwarding. Use OpenVPN or ZeroTier for commissioning. Use LM cloud for remote control.

2. Do not enable unnecessary services – FTP, Remote Diagnostics, Remote services, etc.

3. Change the default admin passwords

4. Disable KNX/IP features (System config -> Network -> KNX connection) if:

• You have finished programming your KNX devices from ETS and this is not needed anymore.
• KNX/IP routing is not needed for this project.

5. Use HTTPS where possible. Install SSL certificate app on your LM to get a valid SSL certificate.

6. If FTP is used, use SSL/TLS

7. If communication between several LMs is required in one building:

• Provide a KNX Backbone key and set “Enable only secure communication” option.
• Enable TOS (type of service) if your switch/router supports this. This way you can enable prioritization for KNX telegrams (7 – highest priority, 0 – lowest). It means other IP packets will have lower priority over KNX telegrams – KNX telegrams will be always delivered first.

Document release data: April 1, 2022