Lindy CPU IP Access Switch Plus manual Ports, Security issues with ports

Page 57

Ports

If you accept the analogy of IP addresses being rather like telephone numbers, then think of ports as extension numbers. In a company of any size, you generally wouldn’t expect the accounts department to share the same telephone with the technical department. Although their calls may all be related to the same company, they concern very different aspects of that company.

It is the same with IP network connections. Although you have only one network link into your computer and only one IP address (phone number), you are probably performing many different tasks through that one link, often at the same time. Thus, when you browse the web your outgoing requests and the incoming information are all channelled through port 80. When you send an email, it travels through port 25 and when you transfer files you are, without knowing it, using port 20.

At the “border crossing” between the wider Internet and every local network attached to it, there is a router that is usually combined with a firewall. One of its main tasks is to direct incoming traffic to the correct place within its local network. A key piece of information to help it do this is the port number:

User accesses the company

Internet

User with VNC viewer accesses

IP address: 129.7.1.10 (this

website at: 129.7.1.10 (this

 

 

automatically uses port 5900).

automatically uses port 80).

 

 

 

Router/firewall address: 129.7.1.10 Router is programmed to send port 5900 VNC traffic to local address 192.168.0.3 and port 80 web traffic to local address 192.168.0.42

LOC REM VNC 100 LNK PWR

Web server

IP

 

Access Switch Plus

 

CPU IP has the local IP

Web server has the local

address: 192.168.0.3

IP address: 192.168.0.42

Security issues with ports

The settings of port numbers become important when the CPU IP is situated behind a network firewall. In order for a remote VNC viewer or web browser to make contact with your CPU IP, it is necessary for the firewall to allow communication through a particular numbered port to occur.

One specific function of firewalls is to restrict access to ports in order to prevent malicious attackers using them as a route into your network. Every new port that is opened offers a new possibility for hackers and so the number of accessible ports is purposefully kept to a minimum. In such cases, it may be advantageous to change one or both CPU IP ports to use the same number. The other alternative is to place the CPU IP unit outside the firewall and take full advantage of its secure operation features – see Networking issues for details.

IMPORTANT: The correct configuration of routers and firewalls requires advanced networking skills and intimate knowledge of the particular network. LINDY cannot provide specific advice on how to configure your network devices and strongly recommend that such tasks are carried out by a qualified professional.

   



56

Page 56 Page 58
Image 57
Page 56 Page 58
Contents  CPU IP Access Switch PlusContents Index Local user Four simultaneous remote usersModem/ISDN port IP network/InternetCPU IP Access Switch Plus features front and rear CD-ROM What’s in the box What you may additionally needSingle unit rack brackets MountingDouble unit rack brackets  Connections Host computer or KVM switchIP network port Local keyboard, video monitor and mouseTo connect a local keyboard, video monitor and mouse To connect the IP network portTo connect the power supply Power supply connectionModem/ISDN port To connect a modem or Isdn portTo connect and address the switch boxes Power control portPart 1 Local configuration Initial configurationPart 1 Local configuration Part 2 Remote configurationAdmin password To perform the initial local configurationTime and Date EncryptionCPU IP encryption settings Encryption settingsViewer encryption settings EncryptionTo restore mouse operation when hot plugging Which restore setting do I use?Hot plugging and mouse restoration Recognising an IntelliMouse-style mouseCPU IP asks for an unknown admin password Resetting the configurationCPU IP does not display the configuration sequence To invoke a configuration reset by main menuTo perform the remote configuration Part 2 Remote configurationPort settings Networking issuesPositioning CPU IP in the network Placing CPU IP behind a router or firewallTo discover a DHCP-allocated IP address AddressingDNS addressing Firewall/router addressPlacing CPU IP alongside the firewall Ensuring sufficient securityPorts Power control sequences Power switching configurationTo configure the power sequences for each host computer Power OffImportant Wait until the upgrade is complete Performing a flash upgradeLocal connection Connecting to the CPU IPTo make a local connection To view the local control menuTo avoid the ‘hall of mirrors’ effect Remote connectionsTo connect using your Web browser To connect using the VNC viewerRemote connection by VNC viewer Remote connection by Web browserUsing the viewer window When using the viewer windowMenu bar Mouse pointers ConfigureHost selection To select a hostPower control Access mode shared/privateAuto calibrate Re-synchronise mouseControls Phase Setting the Threshold manuallyContrast  Connecting via dial up modem or Isdn link Downloading VNC viewer from the CPU IPIf you need to enter a port number Supported web browsers Viewer encryption settingsWindows LinuxGetting assistance TroubleshootingTo access the local configuration menus Appendix 1 Local configuration menusUnit configuration Network configuration Modem configuration To reset the CPU IP configuration Reset configurationClear IP access control What is IP access control?To clear IP access control Colour/Encoding Appendix 2 VNC viewer connection optionsAuto select Preferred encodingMisc InputsReload defaults DefaultsSave as defaults Save configuration file asAppendix 3 VNC viewer window options Appendix 4 Browser viewer options Encoding and colour levelSecurity Appendix 5 Remote configuration menus To access the remote configuration menusMain configuration menu Logged on users User accounts Hardware Version Screensaver timeoutFirmware Version Host Keyboard LayoutIdle timeout Advanced unit configurationProtocol timeout Force VNC protocolIP access control IP network maskIP gateway To define a new IP access control entry Setting IP access controlTo reorder access control entries To edit/remove access control entriesSerial port configuration Power control portModem port To create a new host entry Host configurationTo copy and paste the log Logging and statusOccurred Click to clear All log entries Refresh ListAppendix 6 Addresses, masks and ports IP addressesNet masks Inside a bit-wise and function Net masks the binary explanationBinary equivalent Binary octet afterSingle locations Calculating the mask for IP access controlAll locations Address rangesPorts Security issues with ports6pin mini-DIN 9pin D-type Appendix 7 Cable and connector specifications4pin RJ10 FemaleAppendix 8 Hotkey sequence codes Warranty Other products in the CPU Switch rangeSafety information Safety considerations when using power switches with CPU IPRadio Frequency Energy European EMC directive 89/336/EECFCC Compliance Statement United States Germany France Italia USAIndex 
Top Page Image Contents