Restrictions On Engineer Manuals And Codes

[cybergibbons]

I've had some really good feedback from this forum, rather than the usual "it's like that because it's always been like that" attitude that the other alarm forums seem to have.

 

So - a fairly simple question - why do manufacturers and installers restrict access to manuals and codes?

 

I've not yet had an alarm panel that I couldn't get a manual for (though, some of them have required a degree of social engineering). There's no magic bullet to disable these alarms in the manuals. There's more than enough rope for a DIY or inquisitive user to hang themselves, but they'd need a code anyway?

 

As for codes, surely these are never left as default?

[MrHappy]

So - a fairly simple question - why do manufacturers and installers restrict access to manuals and codes?

 

The engineering code is defined in the standard for use by the co.

 

My code is not exclusive per site, should I give it to one I have in fact given them access to many sites.

 

The manual is the copy write of the manufacture its not mine to give away or distribute electronic copies, paper copies with products are still there with low end products as co. these are normally removed before the products go on site. Leave a manual & you'll have the sub asking silly questions or tinkering with the system

[matthew.brough]

 

As for codes, surely these are never left as default?

You sure about that?

[cybergibbons]

The engineering code is defined in the standard for use by the co.

 

My code is not exclusive per site, should I give it to one I have in fact given them access to many sites.

 

The manual is the copy write of the manufacture its not mine to give away or distribute electronic copies, paper copies with products are still there with low end products as co. these are normally removed before the products go on site. Leave a manual & you'll have the sub asking silly questions or tinkering with the system

 

That raises two interesting points.

 

1. Copyright on manuals and technical documentation isn't clear-cut, especially in the UK and with electronic documentation. If you aren't profiting from it and you aren't claiming it is your own, merely distributing, then I don't think you are in the wrong.

 

2. Is one code across multiple sites common practice? Nearly every alarm I have worked with stores the codes in NV memory and can be read out if you take the panel apart. So if a low-risk site was compromised and the code retrieved, could that harm high-risk sites?

You sure about that?

 

Well, no, I know they are left as default. But surely it is easier to protect systems by changing the pins (which is fairly easy to do, and definitely works) than it is to try and restrict the spread of documents?

[james.wilson]

The biggest issue to me is they contain defaulting information. In the wrong hands this is useful info. As we are a security site i want to limit potential perps using them for this purpose. As you have found the average end user doesn't care as they are unaware of the security aspects of various systems. They also think we are as service providers stopping access to systems from a commercial viewpoint. This is not the case

[GalaxyGuy]

2. Is one code across multiple sites common practice? Nearly every alarm I have worked with stores the codes in NV memory and can be read out if you take the panel apart. So if a low-risk site was compromised and the code retrieved, could that harm high-risk sites?

 

Agreed, codes are not secured in panels. Anyone gaining access to hardware could potentially publish all codes.  Second hand panels on Ebay, takeovers, Etc.

 

Eng access normally needs to be authorised by a manager user.

[matthew.brough]

Same engineer code across an installers entire base is not uncommon. Individual site engineer codes and pin of the day are quite rare. Some of the bigger installers I know have had the same engineer code for 10+ years and it becomes common knowledge amongst competitors as engineers move around, friend of a friend etc.

 

On a personal not I wouldn't be upset if an end user had a copy of the ATS engineer manual. Without the codes it is pretty useless to them and the complexity of the panel is no use to them.

 

If I had engineering manuals for my car, wouldnt mean I could do the job of the mechanic. The only issue is the defaulting info and other info that could assist defeating.

[cybergibbons]

So it sounds like it is more to protect against finger poking by users rather than a real security measure?

[matthew.brough]

So it sounds like it is more to protect against finger poking by users rather than a real security measure?

From my point, yes. Most end users struggle with set unset and alert acknowleging in so I'd be conceared about an end user reading the engineer guide, reading it can jump through hoops and see features that are not comliant with the rules then asking for them and explaining why not or what they want is going to cost ten times what they they want to pay etc etc

[Joe Harris]

Is one code across multiple sites common practice? Nearly every alarm I have worked with stores the codes in NV memory and can be read out if you take the panel apart. So if a low-risk site was compromised and the code retrieved, could that harm high-risk sites?

 

It's good to see you looking at this with the same perspective that I take and the last sentence is one that echoes my finding  There is a long, drawn out process of education and understanding ahead sadly...