Black Box ServSwitch™ manual: Placing Wizard IP Plus alongside the firewall, Ports

Page 24

Placing Wizard IP Plus alongside the firewall

Wizard IP Plus is built from the ground up to be secure. It employs a sophisticated 128-bit public/private key system that has been rigorously analysed and found to be highly secure (a security white paper is available upon request). Therefore, you can position the Wizard IP Plus alongside the firewall and control hosts that are also IP connected within the local network.

IMPORTANT: If you make the Wizard IP Plus accessible from the public Internet or from a modem, care should be taken to ensure that the maximum security available is activated. You are strongly advised to enable encryption and use a strong password. Security may be further improved by restricting client IP addresses, using a non-standard port number for access or limiting remote access to dial up connections only.

Ensuring sufficient security

The security capabilities offered by the Wizard IP Plus are only truly effective when they are correctly used. An open or weak password or unencrypted link can cause security loopholes and opportunities for potential intruders. For network links in general and direct Internet connections in particular, you should carefully consider and implement the following:

Ensure that encryption is enabled.

(See: by local configuration or by remote configuration.)

Ensure that you have selected secure passwords with at least 8 characters and a mixture of upper and lower case and numeric characters.

(See: by remote configuration.)

Reserve the admin password for administration use only and use a non-admin user profile for day-to-day access.

Use the latest Secure VNC viewer (this has more in-built security than is available with the Java viewer). (See: To download the viewer.)

Use non-standard port numbers.

Restrict the range of IP addresses that are allowed to access the Wizard IP Plus to only those that you will need to use. (See: To restrict IP access.)

Do NOT Force VNC protocol 3.3 (see: Remote configuration). Protocol 3.3 is a legacy version that does not offer any encryption.

Add a further level of inherent security by restricting access only via modem or ISDN dialup.

Ensure that the computer accessing the Wizard IP Plus is clean of viruses and spyware and has up-to-date firewall and anti-virus software loaded that is appropriately configured.

Avoid accessing the Wizard IP Plus from public computers.
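The checklist above can be turned into a repeatable audit. The following is an added example, not part of the Black Box manual or the unit's software: the settings record and its field names are hypothetical (not the Wizard IP Plus configuration format), the sample values are constructed, and the banner check assumes a unit forced to protocol 3.3 announces that version in the standard 12-byte RFB greeting.

```python
import ipaddress
import re

def password_ok(pw):
    """Manual's rule: at least 8 characters with upper case, lower case and digits."""
    return (len(pw) >= 8 and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None)

def rfb_version(banner):
    """Parse the 12-byte RFB ProtocolVersion greeting, e.g. b'RFB 003.003\\n'."""
    m = re.fullmatch(rb"RFB (\d{3})\.(\d{3})\n", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def audit(cfg):
    """Return the checklist items that the (hypothetical) settings record fails."""
    findings = []
    if not cfg.get("encryption_enabled"):
        findings.append("encryption is not enabled")
    for user, pw in cfg.get("passwords", {}).items():
        if not password_ok(pw):
            findings.append(f"weak password for {user}")
    if cfg.get("daily_user") == "admin":
        findings.append("admin account used for day-to-day access")
    if cfg.get("force_vnc_3_3") or rfb_version(cfg.get("banner", b"")) == (3, 3):
        findings.append("VNC protocol 3.3 in use (no encryption)")
    for name, default in (("vnc_port", 5900), ("http_port", 80)):
        if cfg.get(name, default) == default:
            findings.append(f"{name} left at standard port {default}")
    # An empty list or a /0 entry means no client address is excluded.
    nets = [ipaddress.ip_network(n, strict=False) for n in cfg.get("ip_allow", [])]
    if not nets or any(n.prefixlen == 0 for n in nets):
        findings.append("IP access control admits any client address")
    return findings

# Constructed sample values, not taken from a real unit.
WEAK = {"encryption_enabled": False,
        "passwords": {"admin": "letmein", "ops": "Tr4fficCone"},
        "daily_user": "admin", "force_vnc_3_3": False, "banner": b"RFB 003.003\n",
        "vnc_port": 5900, "http_port": 8443, "ip_allow": ["0.0.0.0/0"]}
HARDENED = {"encryption_enabled": True,
            "passwords": {"admin": "Qu1etHarbour", "ops": "Tr4fficCone"},
            "daily_user": "ops", "force_vnc_3_3": False, "banner": b"RFB 003.008\n",
            "vnc_port": 5944, "http_port": 8443, "ip_allow": ["192.0.2.16/28"]}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg))
```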

Security can be further improved by using the following suggestions:

Use a KVM switch with On-Screen-Display driven security access and an auto-logout (after inactivity) feature to provide a second level of security.

Place the Wizard IP Plus behind a firewall and use the port numbers to route the VNC network traffic to an internal IP address.

Review the activity log from time to time to check for unauthorized use.

Lock your server consoles after they have been used.

A security white paper that gives further details is available upon request from Black Box.

Ports

In this configuration there should be no constraints on the port numbers because the Wizard IP Plus will probably be the only device at that IP address. Therefore, maintain the HTTP port as 80 and the VNC port as 5900.

Addressing

When the Wizard IP Plus is situated alongside the firewall, it will require a public static IP address (i.e. one provided by your Internet service provider).

More addressing information:

Discover DHCP-allocated addresses

DNS addressing
