Adder Technology manual Placing AdderView CATxIP 1000 alongside the firewall, Ports

Page 31

Placing AdderView CATxIP 1000 alongside the firewall

AdderView CATxIP 1000 is built from the ground-up to be secure. It employs a sophisticated 128bit public/private key system that has been rigorously analysed and found to be highly secure (a security white paper is available upon request from Adder Technology Ltd). Therefore, you can position the AdderView CATxIP 1000 alongside the firewall and control hosts that are also IP connected within the local network.

IMPORTANT: If you make the AdderView CATxIP 1000 accessible from the public Internet, care should be taken to ensure that the maximum security available

is activated. You are strongly advised to enable encryption and use a strong password. Security may be further improved by restricting client IP addresses, using a non-standard port number for access.

Ensuring sufficient security

The security capabilities offered by the AdderView CATxIP 1000 are only truly effective when they are correctly used. An open or weak password or unencrypted link can cause security loopholes and opportunities for potential intruders. For network links in general and direct Internet connections in particular, you should carefully consider and implement the following:

Ensure that encryption is enabled. .

By local configuration menu or global configuration page.

Ensure that you have selected secure passwords with at least 8 characters and a mixture of upper and lower case and numeric characters..

By global configuration page.

Reserve the admin password for administration use only and use a non- admin user profile for day-to-day access.

Use the latest Secure VNC viewer (this has more in-built security than is available with the Java viewer). To download the viewer.

Use non-standard port numbers.

Restrict the range of IP addresses that are allowed to access the AdderView CATxIP 1000 to only those that you will need to use. To restrict IP access.

Do NOT Force VNC protocol 3.3.

Ensure that the computer accessing the AdderView CATxIP 1000 is clean of viruses and spyware and has up-to-date firewall and anti-virus software loaded that is appropriately configured.

Avoid accessing the AdderView CATxIP 1000 from public computers.

Security can be further improved by using the following suggestions:

Place the AdderView CATxIP 1000 behind a firewall and use the port numbers to route the VNC network traffic to an internal IP address.

Review the activity log from time to time to check for unauthorised use.

Lock your server consoles after they have been used.

A security white paper that gives further details is available upon request from Adder Technology Limited.

Ports

In this configuration there should be no constraints on the port numbers because the AdderView CATxIP 1000 will probably be the only device at that IP address. Therefore, maintain the HTTP port as 80 and the VNC port as 5900.

Addressing

When the AdderView CATxIP 1000 is situated alongside the firewall, it will require a public static IP address (i.e. one provided by your Internet service provider).

More addressing information:

Discover DHCP-allocated addresses

DNS addressing

   



30

Image 31
Contents AdderView CATxIP Contents Further information Index Many computers Global usersCAM formats AdderView CATxIP 1000 features front and rear What you may additionally need What’s in the boxSingle unit rack brackets MountingDouble unit rack brackets Connections CAM Computer Power System SwitchTo connect the local user port Local userCategory 5, 5e or 6 cable from Adder X100/X200 module Global user IP network portTo connect the Global user IP network port AdderView CATxIP Front panelTo connect a computer system Computer system via CAMTo connect the power supply Power in connectionOutput lead from Power adapter To connect and address the switch boxes Power control portSwitch See also Cascading multiple unitsCascade tree Tips for successful cascading Connecting units in cascadeTo connect units in cascade Addressing computers in a cascade Using cascaded computersIt is recommended that Second CAM in each pair is a Multiple video head connectionsUSB-type and that it is plugged Host computer port/channel Video off Remote switching controlCable from serial Control device Overall initial configuration ConfigurationInitial configuration Security Main menuMenu layout HotkeysRegistering users and host computers General security and configuration stepsTo enable general security To set an Admin passwordTo clear a password and restore factory default settings What to do if the Admin password has been forgottenWhat is IP access control? Clearing IP access controlTo clear IP access control To configure the unit from a global user location Full configuration by global userAdderView CATxIP 1000 encryption settings Encryption settingsViewer encryption settings Positioning AdderView CATxIP 1000 in the network Networking issuesFirewall/router address Port settingsPlacing AdderView CATxIP 1000 behind a router or firewall AddressingDNS addressing To discover a DHCP-allocated IP addressEnsuring sufficient security Placing AdderView CATxIP 1000 alongside the firewallPorts To control two or more ports simultaneously Power switching configurationPower control sequences To configure the power sequences for each host computerUpgrading AdderView CATxIP 1000 models Recovering from a failed upgradeTo upgrade AdderView CATxIP 1000 models To invoke backup/recovery modeFront panel indicators Accessing the AdderView CATxIPSelecting a computer Local user accessStandard hotkeys To select a computer using the Select Host menuSelect Host menu here you can select computers by name To log To select a computer using mouse buttonsTo select a computer using mouse buttons Advanced method Logging in and outReminder banner To enable/disable the confirmation boxTo change banner colours or disable the banner Confirmation boxUser preferences and functions Blue dot indicators in the Select Host menuGlobal User Global user accessOptions button Global user access via VNC viewerTo access via the VNC viewer To download the VNC viewerTo access via your web browser Global user access via web browserWhen using the viewer window Using the viewer windowMenu bar To select a host ConfigureMouse pointers Host selectionRe-synchronise mouse Access mode shared/privatePower switching Auto calibrateControls Enter When entering codesVideo Settings Keyboard ControlAccordingly Using automatic configurationsIncreased by 50% when a slow link is detected Setting the Threshold manuallyCustom Video Modes Advanced SettingsOverlap Capture If you need to enter a port number Viewer encryption settingsSupported web browsers US +1 888 275 TroubleshootingWhen logging on using VNC viewer, I cannot enter a username Getting assistanceTo access the local setup menus Appendix 1 Local setup menusFunctions Power ControlRestore Standard Mouse Restore IntellimouseScreen Saver User PreferencesReminder Banner Reminder ColourOSD Dwell Time Mouse SwitchingUser Timeout Global PreferencesAuto Logout Setup OptionsIP address, net mask, VNC port, etc ConfigurationIP admin password, encryption settings, etc Completely resets the AdderView CATxIP 1000 unitUnit Configuration Network Configuration Options Port Serial ConfigurationSettings Power Control, Sync Units Settings 1200, 2400, 4800, 9600, 19200, 38400, 57600To reset the AdderView CATxIP 1000 configuration Reset ConfigurationTo access the remote configuration pages Appendix 2 Configuration pages via viewerMain configuration Logged on users User accounts Unit configuration Advanced unit configuration Time & date configuration IP Gateway Network configurationIP Access Control IP Network MaskTo edit/remove access control entries Setting IP access controlTo define a new IP access control entry To reorder access control entriesOptions Port Use Serial port configurationBaud Rate To create a new host entry Host configurationErase Host Configuration Add entry for unrecognised hostFor further details To get here Logging and statusTo copy and paste the log Syslog Server IP AddressLdap configuration Preferred encoding Appendix 3 VNC viewer connection optionsColour/Encoding Auto selectCustomise Enable all inputsDisable all inputs view-only mode InputsMisc Custom Size ScalingNo Scaling Scale to Window SizeLoad / Save Defaults ReloadDefaults Save IdentitiesAppendix 4 VNC viewer window options Encoding and colour level Appendix 5 Browser viewer optionsSecurity IP addresses Appendix 6 Addresses, masks and portsNet masks Binary octet after Net masks the binary explanationOperation with net mask Binary equivalentAddress ranges Calculating the mask for IP access controlSingle locations All locationsPorts Security issues with portsAdderView CATxIP 1000 to power switch cable Appendix 7 Cable and connector specificationsPower switch to power switch daisy chain cable Permissible key presses Appendix 8 Hotkey sequence codesCreating macro sequences Appendix 9 Supported video modes Safety information WarrantyGeneral Public License Linux End user licence agreement Canadian Department of Communications RFI statement Radio Frequency EnergyEuropean EMC directive 89/336/EEC FCC Compliance Statement United StatesHoe Huat Industrial Building Index 