Factory Defaulting Pathway Ethernet Devices

For recovery of devices that are members of a security domain for which the password is not known

 

BACKGROUND

With the introduction of several cyber-security laws beginning January 2020, Pathway Connectivity has developed security features in the latest version of Pathscape as well as our Ethernet-equipped devices’ newest firmware. These security features are designed to keep unauthorized users from taking control of your lighting network for nefarious purposes such as denial-of-service or ransomware attacks, through the internet or locally from unsecured access points.

OVERVIEW

This security system is built around the concept of “Domains”. To secure a network, the administrator creates a new Security Domain in Pathscape with a password. The admin then adds the relevant devices to the security domain. Those devices are then secured, with both data and configuration traffic being securely authenicated. A “bad actor” cannot make changes to the network without the domain password, and using that password to log into the domain in Pathscape.

When a new Security Domain is created, Pathscape provides a Recovery Key. This is a 25-digit alphanumeric code, similar to software installation keys you may have seen. The admin should print this Recovery Key or write it down and store it in a secure location. It is the only way to recover the domain intact if the domain passwords are lost or forgotten.

Of course, there is a possibility the Recovery Key is lost, or destroyed, due to physical movement of gear, or reasons such as changes in staff, etc. If the domain password as well as the recovery key are lost, the recovery of the domain intact is not possible. However, it is possible to reset the affected devices to their factory state, meaning they will once again be available to add to a new security domain in Pathscape. Saved Pathscape Show Files can restore all configuration and patches to restored devices.

Please remember that any device that is locked out due to a lost password and recovery key cannot be restored or unlocked by Pathway, remotely or otherwise. By law, we cannot implement a master password or backdoor method to unlock any device, as this in itself is a major security vulnerability.

If any device is locked to a domain whose password and recovery key are unknown, that device must be factory defaulted in order to restore communication with the device.

PURPOSE

This guide will demonstrate how to perform the factory default/reset procedure on all applicable Ethernet-equipped Pathway products, for a situation in which the devices are locked-out and unconfigurable due to a lost Security password or Recovery Key. Physical access to the devices is required. Any products not listed in this document do not currently support security and do not need to be in a domain to be configured by Pathscape. Refer to the appropriate products’ manual for factory defaulting procedures.

Click here to download Factory Default guide (PDF, opens in new window).