Black Box KV1424A-R2, KV1416A-R2, KV0416A-R2, KV0424A-R2 manual Ports, Security issues with ports

Page 100

Ports

If you accept the analogy of IP addresses being rather like telephone numbers, then think of ports as extension numbers. In a company of any size, you generally wouldn’t expect the accounts department to share the same telephone with the technical department. Although their calls may all be related to the same company, they concern very different aspects of that company.

It is the same with IP network connections. Although you have only one network link into your server and only one IP address (phone number), you are probably performing many different tasks through that one link, often at the same time. Thus, when you browse the web your outgoing requests and the incoming information are all channelled through port 80. When you send an email, it travels through port 25 and when you transfer files you are, without knowing it, using port 20.

At the “border crossing” between the wider Internet and every local network attached to it, there is a router that is usually combined with a firewall. One of its main tasks is to direct incoming traffic to the correct place within its local network. A key piece of information to help it do this is the port number:

User accesses the company

Internet

User with VNC viewer accesses

IP address: 129.7.1.10 (this

website at: 129.7.1.10 (this

 

 

automatically uses port 5900).

automatically uses port 80).

 

 

 

Router/firewall address: 129.7.1.10 Router is programmed to send port 5900 VNC traffic to local address 192.168.0.3 and port 80 web traffic to local address 192.168.0.42

 

Web server

ServSwitch CX with IP

Web server has the local

has the local IP address:

IP address: 192.168.0.42

192.168.0.3

 

Security issues with ports

The settings of port numbers become important when the ServSwitch CX with IP is situated behind a network firewall. In order for a remote VNC viewer or web browser to make contact with your ServSwitch CX with IP, it is necessary for the firewall to allow communication through a particular numbered port to occur.

One specific function of firewalls is to restrict access to ports in order to prevent malicious attackers using them as a route into your network. Every new port that is opened offers a new possibility for hackers and so the number of accessible ports is purposefully kept to a minimum. In such cases, it may be advantageous to change one or both ServSwitch CX with IP ports to use the same number. The other alternative is to place the ServSwitch CX with IP unit outside the firewall and take full advantage of its secure operation features – see Networking issues for details.

IMPORTANT: The correct configuration of routers and firewalls requires advanced networking skills and intimate knowledge of the particular network. Black Box cannot provide specific advice on how to configure your network devices and strongly recommend that such tasks are carried out by a qualified professional.

®

   



99

Page 99 Page 101
Image 100
Page 99 Page 101
Contents ServSwitch CX Contents Further information Index Introduction ServSwitch CX features front and rear Front panel buttonsServSwitch CX ServSwitch CX with IP What’s in the box What you may additionally needRack brackets MountingConnections Connections Local user To connect the local user portCable lengths for remote user locations Remote user via CX Remote extenderTo connect a remote user Global user IP network port To connect the Global user IP network portServer system via SAM To connect a server systemModem/ISDN port To connect a modem or Isdn adapterPower in connection To connect the power supplyPower control port To connect and address the switch boxesCascading multiple units See alsoHow cascade connections operate Addressing servers in a cascade 43 41Connecting ServSwitch CX units in cascade Numbering diagramTips for successful cascading To connect units in cascadeTesting specific links to cascaded servers Using cascaded serversTo test a specific link Slave ServSwitch CX Multiple video head connectionsOverall initial configuration Configuration menus To access the configuration menu local and remote usersTo access the configuration menu global users HotkeysGeneral security and configuration steps Configuration menus layoutTo enable general security To set an Admin passwordAdmin user Access to all servers Press Access to no servers PressRegistering users edit user list To create/edit user accountsRegistering servers edit computer list Tips when creating/editing server entriesTo create/edit server entries See Remote user skew adjustment for details Video compensationTo apply server video compensation Server video compensationVertical edges of images Remote user video compensation To display a suitable high contrast imageTo apply remote user video compensation If the image controls cannot provide a crisp imageRemote user skew adjustment To use skew adjustmentUsing the supplied skew pattern Creating a skew test patternNum Lock for Red, Caps Lock for Green To select an autoscan mode AutoscanningTo select an autoscan period To define an autoscan listSaving and restoring configuration settings Preparations for configuration save/loadWhat to do if the Admin password has been forgotten To reset ServSwitch CX modelsTo reset the ServSwitch CX with IP models Configuration screensWhich restore setting do I use? To restore mouse operation when hot pluggingHot plugging and mouse restoration Recognising an IntelliMouse-style mouseTo use the initial IP-configuration sequence Initial IP configurationTo configure IP-specific settings To configure IP details from a global user location IP configuration by global userUser Accounts ServSwitch CX with IP encryption settings Encryption settingsViewer encryption settings Networking issues Positioning ServSwitch CX with IP in the networkPort settings Placing ServSwitch CX with IP behind a router or firewallAddressing To discover a DHCP-allocated IP address DNS addressingPlacing ServSwitch CX with IP alongside the firewall By configuration page via viewerEnsuring sufficient security PortsPower switching configuration Power control sequencesTo configure the power sequences for each host server To control two or more ports simultaneouslyKvmadmin utility Kvmadmin command ip address parametersKvmadmin -getconfig kvm1.cfg Kvmadmin -setusers users.csvPerforming upgrades Upgrading ServSwitch CX models and SAMsItems required to use the upgrade utility To use the KVM Firmware Uploader utilitySelect the items to be upgraded Select the upgrade file to be usedWhere Vxxx is the upgrade file version number Commence the upgradeTo upgrade ServSwitch CX with IP models Upgrading ServSwitch CX with IP modelsPerform upgrade button ServSwitch CX models ServSwitch CX with IP modelsComputer button and numeric indicator User button and numeric indicatorLocal and remote user access To gain access as a local or remote userTo select a server using the front panel controls Selecting a serverStandard hotkeys To select a server using hotkeysKeep Pressed down until all other Numbers have been entered To select a server using mouse buttons To select a server using the on-screen menuTo select a server using mouse buttons Advanced method Selecting cascaded servers Logging in and outConfirmation box To change banner colours or disable the banner To use the Routing status featureReminder banner Routing statusTo switch a server on or off Power switching via configuration menuUser preferences and functions Global user access To access via the VNC viewer Global user access via VNC viewerTo download the VNC viewer Global user access via web browser To access via your web browserWhen using the viewer window Using the viewer windowMenu bar Mouse pointers ConfigureTo select a host Access mode shared/private Power switching via viewerAuto calibrate Re-synchronise mouseSingle Mouse Mode ControlsMouse Control Resync MouseKVM switch menu When entering codesVideo Settings Keyboard Control InfoUsing automatic configurations Increased by 50% when a slow link is detectedSetting the Threshold manually Host system informationAccess via dial up modem or Isdn link If you need to enter a port numberTo initiate a dial up link To enter a port number in a Web browserViewer encryption settings Supported web browsersWindows LinuxTroubleshooting When logging on using VNC viewer, I cannot enter a usernameGetting assistance Techhelp@blackbox.co.ukTo access the configuration menus Appendix 1 Configuration menusConfigure IP port Functions User Preferences OSD ColourReminder Banner Reminder ColourMouse Switching Autoscan ModeGlobal Preferences Screen SaverUser Timeout OSD Dwell TimeRS232 Mouse Type Mouse TypeSetup Options Keypads ControlsLanguage Exclusive UseAutomatic Logout Advanced Options DDC OptionsConfigure IP port Unit ConfigurationNetwork Configuration Modem Configuration Reset ConfigurationWhat is IP access control? Clearing IP access controlTo clear IP access control Appendix 2 Configuration pages via viewer To access the remote configuration pagesUser accounts Unit configuration Admin PasswordHardware Version Firmware VersionAdvanced unit configuration Time & date configuration Network configuration IP Access ControlMAC address IP Network MaskSetting IP access control To define a new IP access control entryTo reorder access control entries To edit/remove access control entriesPower control port Serial port configurationModem port Host configuration Erase Host ConfigurationAdd entry for unrecognised host To create a new host entryPort Direct Port/host addressing using Port DirectExamples Logging and status To copy and paste the logSyslog Server IP Address For further details To get hereAppendix 3 VNC viewer connection options Colour/EncodingAuto select Preferred encodingEnable all inputs Disable all inputs view-only modeInputs CustomiseScaling MiscDefaults Reload Defaults SaveIdentities Load / SaveAppendix 4 VNC viewer window options Encoding and colour level Appendix 5 Browser viewer optionsSecurity Appendix 6 Addresses, masks and ports IP addressesNet masks Want to know more?154 Net masks the binary explanationCalculating the mask for IP access control Single locationsAll locations Address rangesSecurity issues with ports PortsPower switch to power switch daisy chain cable Appendix 7 Cable and connector specificationsRS232 serial flash upgrade cable Multi-head synchronisation cable Permissible key presses Appendix 8 Hotkey sequence codesCreating macro sequences Appendix 9 Supported video modes Safety information General Public License LinuxEnd user licence agreement Radio Frequency Energy European EMC directive 89/336/EECFCC Compliance Statement United States Canadian Department of Communications RFI statementFCC requirements for telephone-line equipment Certification notice for equipment used in CanadaNormas Oficiales Mexicanas NOM electrical safety statement Instrucciones de seguridad109 Index 111 112 BlackBox subsidiary contact details Country Web Site/Email Phone Fax
Top Page Image Contents