Adder Technology CATX-SUNA, X200AS/R manual Placing AdderView CATx IP alongside the firewall, Ports

Page 45

Placing AdderView CATx IP alongside the firewall

AdderView CATx IP is built from the ground-up to be secure. It employs a sophisticated 128bit public/private key system that has been rigorously analysed and found to be highly secure (a security white paper is available upon request from Adder Technology Ltd). Therefore, you can position the AdderView CATx IP alongside the firewall and control hosts that are also IP connected within the local network.

IMPORTANT: If you make the AdderView CATx IP accessible from the public Internet or from a modem, care should be taken to ensure that the maximum security available is activated. You are strongly advised to enable encryption and use a strong password. Security may be further improved by restricting client IP addresses, using a non-standard port number for access or limiting remote access to dial up connections only.

Ensuring sufficient security

The security capabilities offered by the AdderView CATx IP are only truly effective when they are correctly used. An open or weak password or unencrypted link can cause security loopholes and opportunities for potential intruders. For network links in general and direct Internet connections in particular, you should carefully consider and implement the following:

Ensure that encryption is enabled. .

By standard configuration menu or by configuration page via viewer.

Ensure that you have selected secure passwords with at least 8 characters and a mixture of upper and lower case and numeric characters..

By configuration page via viewer.

Reserve the admin password for administration use only and use a non- admin user profile for day-to-day access.

Use the latest Secure VNC viewer (this has more in-built security than is available with the Java viewer). To download the viewer.

Use non-standard port numbers.

Restrict the range of IP addresses that are allowed to access the AdderView CATx IP to only those that you will need to use. To restrict IP access.

Do NOT Force VNC protocol 3.3. Configuration page via viewer.

Add a further level of inherent security by restricting access only via modem or ISDN dialup.

Ensure that the computer accessing the AdderView CATx IP is clean of viruses and spyware and has up-to-date firewall and anti-virus software loaded that is appropriately configured.

Avoid accessing the AdderView CATx IP from public computers.

Security can be further improved by using the following suggestions:

Place the AdderView CATx IP behind a firewall and use the port numbers to route the VNC network traffic to an internal IP address.

Review the activity log from time to time to check for unauthorised use.

Lock your server consoles after they have been used.

A security white paper that gives further details is available upon request from Adder Technology Limited.

Ports

In this configuration there should be no constraints on the port numbers because the AdderView CATx IP will probably be the only device at that IP address. Therefore, maintain the HTTP port as 80 and the VNC port as 5900.

Addressing

When the AdderView CATx IP is situated alongside the firewall, it will require a public static IP address (i.e. one provided by your Internet service provider).

More addressing information:

Discover DHCP-allocated addresses

DNS addressing

   



44

Page 44 Page 46
Image 45
Page 44 Page 46
Contents AdderView CATx Contents Re-synchronise mouse Auto calibrateIndex Introduction Front panel buttons AdderView CATx features front and rearWhat you may additionally need What’s in the boxMounting Rack bracketsConnections Connections Remote switching ControlModem Multiple video Isdn port Head connections Cascading Multiple unitsTo connect the local user port Local userRemote user via X100/X200 extender Cable lengths for remote user locationsTo connect a remote user To connect the Global user IP network port Global user IP network portComputer system via CAM To connect a computer systemComputer video compensation for details To connect a modem or Isdn adapter Modem/ISDN portTo connect the power supply Power in connectionTo connect and address the switch boxes Power control portCascading multiple units System, called Adder Port DirectSee also How cascade connections operate CA02 Addressing computers in a cascadeConnecting AdderView CATx units in cascade Tips for successful cascadingTo connect units in cascade Using cascaded computers Testing specific links to cascaded computersTo test a specific link Multiple video head connections Host computer port/channel Video off Remote switching controlOverall initial configuration To access the configuration menu local and remote users Configuration menusTo access the configuration menu global users HotkeysConfiguration menus layout General security and configuration stepsTo enable general security To set an Admin passwordAccess to all computers Press Access to no computers Press Registering users edit user listTo create/edit user accounts Tips when creating/editing computer entries Registering computers edit computer listTo create/edit computer entries Video compensation See Remote user skew adjustment for detailsTo apply computer video compensation Computer video compensationTo display a suitable high contrast image Remote user video compensationTo apply remote user video compensation If the image controls cannot provide a crisp imageTo use skew adjustment Remote user skew adjustmentUsing the supplied skew pattern Creating a skew test patternNum Lock for Red, Caps Lock for Green Autoscanning To select an autoscan modeTo select an autoscan period To define an autoscan listSaving and restoring configuration settings Preparations for configuration save/loadTo transfer configuration settings Hints for editing To edit the configuration settingsTo reset AdderView CATx models What to do if the Admin password has been forgottenTo reset the AdderView CATx IP models Configuration screensTo restore mouse operation when hot plugging Which restore setting do I use?Hot plugging and mouse restoration Recognising an IntelliMouse-style mouseInitial IP configuration To use the initial IP-configuration sequenceTo configure IP-specific settings IP configuration by global user To configure IP details from a global user locationUser Accounts Encryption settings AdderView CATx IP encryption settingsViewer encryption settings Positioning AdderView CATx IP in the network Networking issuesPort settings Placing AdderView CATx IP behind a router or firewallAddressing DNS addressing To discover a DHCP-allocated IP addressPlacing AdderView CATx IP alongside the firewall By configuration page via viewerEnsuring sufficient security PortsPower control sequences Power switching configurationTo configure the power sequences for each host computer To control two or more ports simultaneouslyKvmadmin command ip address parameters Kvmadmin utilityKvmadmin -getconfig kvm1.cfg Kvmadmin -setusers users.csvItems required to use the upgrade utility Performing upgradesUpgrading AdderView CATx models and CAMs To use the KVM Firmware Uploader utilitySelect the upgrade file to be used Select the items to be upgradedCommence the upgrade Issues to consider when performing flash upgradesUpgrading AdderView CATx IP models To upgrade AdderView CATx IP modelsFront panel controls Accessing the AdderView CATxAdderView CATx models AdderView CATx IP modelsTo gain access as a local or remote user Local and remote user accessTo select a computer using the front panel controls Selecting a computerStandard hotkeys To select a computer using hotkeysAbove or for even longer cascaded computers Keep Pressed down until all other Numbers have been enteredTo select a computer using the on-screen menu To select a computer using mouse buttonsTo select a computer using mouse buttons Advanced method Logging in and out Selecting cascaded computersConfirmation box To use the Routing status feature To change banner colours or disable the bannerReminder banner Routing statusPower switching via configuration menu To switch a computer on or offUser preferences and functions Global user access Global user access via VNC viewer To access via the VNC viewerTo download the VNC viewer To access via your web browser Global user access via web browserUsing the viewer window When using the viewer windowMenu bar Mouse pointers ConfigureHost selection To select a hostPower switching via viewer Access mode shared/privateAuto calibrate Re-synchronise mouseControls Single Mouse ModeMouse Control Resync MouseVideo Settings When entering codesKVM switch menu Keyboard ControlIncreased by 50% when a slow link is detected Using automatic configurationsSetting the Threshold manually System informationIf you need to enter a port number Access via dial up modem or Isdn linkTo initiate a dial up link To enter a port number in a Web browserSupported web browsers Viewer encryption settingsWindows LinuxWhen logging on using VNC viewer, I cannot enter a username TroubleshootingGetting assistance US +1 888 275Appendix 1 Configuration menus To access the configuration menusConfigure IP port Functions User Preferences Autoscan Mode Mouse SwitchingGlobal Preferences Screen SaverOSD Dwell Time User TimeoutRS232 Mouse Type Mouse TypeKeypad Controls Setup OptionsLanguage Exclusive UseAutomatic Logout Settings AUTO, ManualAudio Add ComputersDDC Refresh Settings AT START, Disabled DDC Source Settings AUTO, LOCAL, DefaultAdvanced Options DDC OptionsDefault Country Country Code Settings AUTO, MANUAL, DisabledSetup Options Force Mode Settings DISABLED, EnabledIP admin password, encryption settings, etc Configure IP portIP address, net mask, VNC port, etc Baud rate, initialisation string, etcUnit Configuration Network Configuration Modem Configuration Reset Configuration Clearing IP access controlTo reset the AdderView CATx IP configuration What is IP access control?To access the remote configuration pages Appendix 2 Configuration pages via viewerUser accounts Admin Password Unit configurationHardware Version Firmware VersionAdvanced unit configuration Time & date configuration IP Access Control Network configurationIP Network Mask IP GatewayTo define a new IP access control entry Setting IP access controlTo reorder access control entries To edit/remove access control entriesSerial port configuration Power control portModem port Erase Host Configuration Host configurationAdd entry for unrecognised host To create a new host entryPort/host addressing using Adder Port Direct Adder Port DirectExamples To copy and paste the log Logging and statusSyslog Server IP Address For further details To get hereColour/Encoding Appendix 3 VNC viewer connection optionsAuto select Preferred encodingDisable all inputs view-only mode Enable all inputsInputs CustomiseMisc ScalingDefaults Save Defaults ReloadIdentities Load / SaveAppendix 4 VNC viewer window options Appendix 5 Browser viewer options Encoding and colour levelSecurity IP addresses Appendix 6 Addresses, masks and portsNet masks Want to know more?Net masks the binary explanation 154Single locations Calculating the mask for IP access controlAll locations Address rangesPorts Security issues with portsAppendix 7 Cable and connector specifications Power switch to power switch daisy chain cableRS232 serial flash upgrade cable Multi-head synchronisation cable Appendix 8 Hotkey sequence codes Permissible key pressesCreating macro sequences Appendix 9 Supported video modes Warranty Safety informationGeneral Public License Linux End user licence agreement European EMC directive 89/336/EEC Radio Frequency EnergyFCC Compliance Statement United States Canadian Department of Communications RFI statement111 Index 113 114
Top Page Image Contents