Black Box ServSwitch™ manual: Ports, Security issues with ports


Ports

If you accept the analogy of IP addresses being rather like telephone numbers, then think of ports as extension numbers. In a company of any size, you generally wouldn’t expect the accounts department to share the same telephone with the technical department. Although their calls may all be related to the same company, they concern very different aspects of that company.

It is the same with IP network connections. Although you have only one network link into your computer and only one IP address (phone number), you are probably performing many different tasks through that one link, often at the same time. Thus, when you browse the web your outgoing requests and the incoming information are all channelled through port 80. When you send an email, it travels through port 25 and when you transfer files you are, without knowing it, using port 20.

At the “border crossing” between the wider Internet and every local network attached to it, there is a router that is usually combined with a firewall. One of its main tasks is to direct incoming traffic to the correct place within its local network. A key piece of information to help it do this is the port number:

[Figure: Across the Internet, one user accesses the company website at 129.7.1.10 (this automatically uses port 80) and a user with a VNC viewer accesses IP address 129.7.1.10 (this automatically uses port 5900). The router/firewall, at address 129.7.1.10, is programmed to send port 5900 VNC traffic to local address 192.168.0.3 and port 80 web traffic to local address 192.168.0.42. The Wizard IP Plus has the local IP address 192.168.0.3; the web server has the local IP address 192.168.0.42.]

Security issues with ports

The settings of port numbers become important when the Wizard IP Plus is situated behind a network firewall. In order for a remote VNC viewer or web browser to make contact with your Wizard IP Plus, it is necessary for the firewall to allow communication through a particular numbered port to occur.

One specific function of firewalls is to restrict access to ports in order to prevent malicious attackers from using them as a route into your network. Every new port that is opened offers a new possibility for hackers, and so the number of accessible ports is purposefully kept to a minimum. In such cases, it may be advantageous to change one or both of the Wizard IP Plus ports so that they use the same number. The other alternative is to place the Wizard IP Plus unit outside the firewall and take full advantage of its secure operation features – see Networking issues for details.
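The forwarding shown in the diagram above, written as an nftables ruleset for a Linux router/firewall. This is an added example, not a configuration supplied by Black Box; the interface names wan0 and lan0 are assumptions, and the addresses and ports are the ones used in the diagram.

```nftables
# Constructed example. Assumed interface names: wan0 (Internet side),
# lan0 (local network side). Addresses and ports are those in the diagram.

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # VNC traffic arriving at the public address goes to the Wizard IP Plus
        iifname "wan0" ip daddr 129.7.1.10 tcp dport 5900 dnat to 192.168.0.3
        # Web traffic arriving at the public address goes to the web server
        iifname "wan0" ip daddr 129.7.1.10 tcp dport 80 dnat to 192.168.0.42
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Local hosts share the single public address for outbound traffic
        oifname "wan0" masquerade
    }
}

table ip filter {
    chain forward {
        # Default drop: a port is reachable from outside only if listed below
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Local hosts may open outbound connections
        iifname "lan0" oifname "wan0" accept
        # Inbound: only the two forwarded services (addresses are post-DNAT)
        iifname "wan0" ip daddr 192.168.0.3 tcp dport 5900 ct state new accept
        iifname "wan0" ip daddr 192.168.0.42 tcp dport 80 ct state new accept
    }
}
```

Each inbound service needs both a dnat rule and a matching accept rule, so the list of accept rules in the forward chain is the complete list of ports open to the Internet.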

IMPORTANT: The correct configuration of routers and firewalls requires advanced networking skills and intimate knowledge of the particular network. Black Box cannot provide specific advice on how to configure your network devices and strongly recommends that such tasks are carried out by a qualified professional.
