Lindy CPU IP Access Switch Plus manual Placing CPU IP alongside the firewall, Ports

Page 20

Placing CPU IP alongside the firewall

CPU IP is built from the ground-up to be secure. It employs a sophisticated 128bit public/private key system that has been rigorously analysed and found to be highly secure. Therefore, you can position the CPU IP alongside the firewall and control hosts that are also IP connected within the local network.

IMPORTANT: If you make the CPU IP accessible from the public Internet or from a modem, care should be taken to ensure that the maximum security available is activated. You are strongly advised to enable encryption and use a strong password. Security may be further improved by restricting client IP addresses, using a non-standard port number for access or limiting remote access to dial up connections only.

Ensuring sufficient security

The security capabilities offered by the CPU IP are only truly effective when they are correctly used. An open or weak password or unencrypted link can cause security loopholes and opportunities for potential intruders. For network links in general and direct Internet connections in particular, you should carefully consider and implement the following:

Ensure that encryption is enabled.

By local configuration or by remote configuration.

Ensure that you have selected secure passwords with at least 8 characters and a mixture of upper and lower case and numeric characters.

By remote configuration.

Reserve the admin password for administration use only and use a non- admin user profile for day-to-day access.

Use the latest Secure VNC viewer (this has more in-built security than is available with the Java viewer). To download the viewer.

Use non-standard port numbers.

Restrict the range of IP addresses that are allowed to access the CPU IP to only those that you will need to use. To restrict IP access.

Do NOT Force VNC protocol 3.3. Remote configuration.

Add a further level of inherent security by restricting access only via modem or ISDN dialup.

Ensure that the computer accessing the CPU IP is clean of viruses and spyware and has up-to-date firewall and anti-virus software loaded that is appropriately configured.

Avoid accessing the CPU IP from public computers.

Security can be further improved by using the following suggestions:

Use a KVM switch with On-Screen-Display driven security access and an auto- logout (after inactivity) feature to provide a second level of security.

Place the CPU IP behind a firewall and use port the numbers to route the VNC network traffic to an internal IP address.

Review the activity log from time to time to check for unauthorized use.

Lock your server consoles after they have been used.

A security white paper that gives further details is available upon request from

LINDY.

Ports

In this configuration there should be no constraints on the port numbers because the CPU IP will probably be the only device at that IP address. Therefore, maintain the HTTP port as 80 and the VNC port as 5900.

Addressing

When the CPU IP is situated alongside the firewall, it will require a public static IP address (i.e. one provided by your Internet service provider).

More addressing information:

Discover DHCP-allocated addresses

DNS addressing

   



19

Page 19 Page 21
Image 20
Page 19 Page 21
Contents CPU IP Access Switch Plus Contents Index Four simultaneous remote users Local userModem/ISDN port IP network/InternetCPU IP Access Switch Plus features front and rear What’s in the box What you may additionally need CD-ROMMounting Single unit rack bracketsDouble unit rack brackets  Host computer or KVM switch ConnectionsLocal keyboard, video monitor and mouse IP network portTo connect a local keyboard, video monitor and mouse To connect the IP network portPower supply connection To connect the power supplyModem/ISDN port To connect a modem or Isdn portPower control port To connect and address the switch boxesInitial configuration Part 1 Local configurationPart 1 Local configuration Part 2 Remote configurationTo perform the initial local configuration Admin passwordTime and Date EncryptionEncryption settings CPU IP encryption settingsViewer encryption settings EncryptionWhich restore setting do I use? To restore mouse operation when hot pluggingHot plugging and mouse restoration Recognising an IntelliMouse-style mouseResetting the configuration CPU IP asks for an unknown admin passwordCPU IP does not display the configuration sequence To invoke a configuration reset by main menuPart 2 Remote configuration To perform the remote configurationNetworking issues Port settingsPositioning CPU IP in the network Placing CPU IP behind a router or firewallAddressing To discover a DHCP-allocated IP addressDNS addressing Firewall/router addressPorts Placing CPU IP alongside the firewallEnsuring sufficient security Power switching configuration Power control sequencesTo configure the power sequences for each host computer Power OffPerforming a flash upgrade Important Wait until the upgrade is completeConnecting to the CPU IP Local connectionTo make a local connection To view the local control menuRemote connections To avoid the ‘hall of mirrors’ effectTo connect using the VNC viewer To connect using your Web browserRemote connection by VNC viewer Remote connection by Web browserMenu bar Using the viewer windowWhen using the viewer window Configure Mouse pointersHost selection To select a hostAccess mode shared/private Power controlAuto calibrate Re-synchronise mouseControls Setting the Threshold manually PhaseContrast  If you need to enter a port number Connecting via dial up modem or Isdn linkDownloading VNC viewer from the CPU IP Viewer encryption settings Supported web browsersWindows LinuxTroubleshooting Getting assistanceAppendix 1 Local configuration menus To access the local configuration menusUnit configuration Network configuration Modem configuration Reset configuration To reset the CPU IP configurationTo clear IP access control Clear IP access controlWhat is IP access control? Appendix 2 VNC viewer connection options Colour/EncodingAuto select Preferred encodingInputs MiscDefaults Reload defaultsSave as defaults Save configuration file asAppendix 3 VNC viewer window options Security Appendix 4 Browser viewer optionsEncoding and colour level Main configuration menu Logged on users Appendix 5 Remote configuration menusTo access the remote configuration menus User accounts Screensaver timeout Hardware VersionFirmware Version Host Keyboard LayoutAdvanced unit configuration Idle timeoutProtocol timeout Force VNC protocolIP gateway IP access controlIP network mask Setting IP access control To define a new IP access control entryTo reorder access control entries To edit/remove access control entriesModem port Serial port configurationPower control port Host configuration To create a new host entryLogging and status To copy and paste the logOccurred Click to clear All log entries Refresh ListNet masks Appendix 6 Addresses, masks and portsIP addresses Net masks the binary explanation Inside a bit-wise and functionBinary equivalent Binary octet afterCalculating the mask for IP access control Single locationsAll locations Address rangesSecurity issues with ports PortsAppendix 7 Cable and connector specifications 6pin mini-DIN 9pin D-type4pin RJ10 FemaleAppendix 8 Hotkey sequence codes Other products in the CPU Switch range WarrantySafety information Safety considerations when using power switches with CPU IPFCC Compliance Statement United States Radio Frequency EnergyEuropean EMC directive 89/336/EEC USA Germany France ItaliaIndex 
Top Page Image Contents