Connectivity & Security Info
CONNECT SERIES NETWORK CONNECTIVITY AND SECURITY INFORMATION (FEBRUARY 2021)
Cloud Security and Data Transmission Scheme:
AWS IoT Core is used for leaprofessional.cloud and for remote communication with the Connect Series amplifiers. Communication is done via MQTT over TLS on TCP port 8883. Devices are authenticated with X.509 certificates, which are managed by AWS IoT Core. All data going to/from the amplifier or control devices and the cloud is encrypted. This is standard on the AWS IoT Core platform. Security and authentication policies are well documented for AWS IoT at the following link, and in other sections of the AWS IoT Core Developer Guide:
Cloud AWS Endpoint URL and Communication Info:
- a3d7van8k8h7xq-ats.iot.us-east-1.amazonaws.com
- AES-256-SHA encryption
Cloud User Interface:
Amplifiers can only be registered to one Venue within one user account. No data is sent to the cloud until the amplifiers are registered to an account. Data is only transmitted to the cloud while the user is logged in to their account and actively on the browser page. While logged in to the cloud, the selected amplifier will send/receive data multiple times per second, and non-selected amplifiers will update once per minute. Cloud Interface Website URL:
Password Protection:
Each amplifier can be password protected. This password protection is only used to secure the local LAN connection and WebUI for the amplifier. It is independent of the Cloud User Account and Password and does not add a second layer of security in the Cloud. When password protected, the amplifier and WebUI utilize HTTP digest access authentication. With password protection enabled, users can also log in to the amplifier as a "Guest" and will only have Read permission to that amplifier. The amplifier password can only be set locally on the amplifier through the WebUI; it cannot be set or changed through the Cloud interface.
Local LAN Connection / Ports:
The WebUI is hosted locally on the amplifier via HTTP on TCP port 80.
The WebUI and WebSocket API communicate to the amplifier on TCP port 1234.
The TCP ASCII String API communicates with the amplifier on TCP port 4321.
Below are links to Open API documentation:
Firmware Updates:
The firmware update file is encrypted with AES-256-CBC. The firmware file is sent to the amplifier via the WebUI with an HTTP POST request on TCP port 80. The amplifier will authenticate the firmware file and confirm it is genuine before starting the update process. Any files that are not authenticated are rejected and deleted from the amplifier. The firmware update file and existing firmware are both kept on the amplifier until it confirms that the update has been successfully completed. The amplifier will retry the firmware update if it fails or is interrupted, until it confirms the update has been successful.
Amplifier Discovery:
Amplifier discovery is done via UDP Broadcast on UDP port 1234. Each amplifier broadcasts a message with identification information on the network. When an amplifier receives the broadcast, it stores the identification information for all discovered amplifiers, allowing the WebUI to view multiple amplifiers at the same time.
Network Connectivity Modes:
The Connect Series amplifiers have 3 different network connection modes: Wired Ethernet Mode, 802.11 B/G/N WiFi Mode, and Wireless Access Point Mode. Only one mode can be active at a time and the 2 modes not in use are completely disabled. The current mode is displayed on the amplifier's front screen and indicated with a color-changing LED on the rear panel. If the amplifier is in Wired Ethernet Mode, the WiFi and Access Point Modes are completely disabled and will not function. Changing between connectivity modes is done by pressing the WiFi button on the rear of the amplifier. This hardware button can be disabled in the WebUI Network Settings Menu.
Network Port Information:
| Protocol | Port | Service | Description |
|----------|------|---------|-------------|
| TCP | 80 | HTTP | WebUI and Firmware Updates |
| TCP | 1234 | WebSocket | WebUI Communication and WebSocket Open API |
| UDP | 1234 | Discovery | Broadcast Network Discovery |
| TCP | 4321 | TCP Socket | TCP ASCII String API communication |
| TCP | 8883 | MQTT over TLS | Cloud Communication |
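The port table above can be turned into a flow-log check that flags amplifier traffic the table does not account for. This is an added example, not LEA code: the subnet, the amplifier addresses, the flow-record shape and the sample flows are constructed assumptions, and each record is taken to describe the initiating direction of a connection.

```python
import ipaddress

# Services from the port table on this page.
LOCAL_SERVICES = {("tcp", 80), ("tcp", 1234), ("udp", 1234), ("tcp", 4321)}
DISCOVERY = ("udp", 1234)
CLOUD_SERVICE = ("tcp", 8883)  # MQTT over TLS to AWS IoT Core

# Assumed site layout (hypothetical values).
AV_SUBNET = ipaddress.ip_network("10.20.30.0/24")
AMPLIFIERS = {ipaddress.ip_address(a) for a in ("10.20.30.11", "10.20.30.12")}
BROADCASTS = {AV_SUBNET.broadcast_address, ipaddress.ip_address("255.255.255.255")}

def classify(src, dst, proto, dport):
    """Classify one flow record (initiator -> responder) against the table."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in AMPLIFIERS and d not in AMPLIFIERS:
        return "not-amplifier-traffic"
    service = (proto.lower(), dport)
    if service == CLOUD_SERVICE:
        # The amplifier is the MQTT client; nothing should connect to it on 8883.
        ok = s in AMPLIFIERS and d not in AV_SUBNET
        return "ok" if ok else "unexpected-mqtt-direction"
    if service in LOCAL_SERVICES:
        if d in AMPLIFIERS:  # a client reaching an amplifier's local service
            return "ok" if s in AV_SUBNET else "local-service-from-outside-lan"
        if service == DISCOVERY and d in BROADCASTS:  # amplifier announcement
            return "ok"
    return "undocumented-port"

def audit(flows):
    """Return (flow, verdict) for every amplifier flow that is not expected."""
    verdicts = ((f, classify(*f)) for f in flows)
    return [(f, v) for f, v in verdicts if v not in ("ok", "not-amplifier-traffic")]

# Constructed sample flow records: (src, dst, proto, dport).
SAMPLE_FLOWS = [
    ("10.20.30.50", "10.20.30.11", "tcp", 80),      # WebUI from the AV LAN
    ("10.20.30.11", "255.255.255.255", "udp", 1234),  # discovery broadcast
    ("10.20.30.11", "203.0.113.10", "tcp", 8883),   # amplifier to cloud
    ("192.168.5.9", "10.20.30.11", "tcp", 4321),    # ASCII API from another network
    ("10.20.30.50", "10.20.30.12", "tcp", 23),      # port not in the table
    ("203.0.113.10", "10.20.30.11", "tcp", 8883),   # inbound on the cloud port
]

if __name__ == "__main__":
    for flow, verdict in audit(SAMPLE_FLOWS):
        print(verdict, flow)
```
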