Black Box kv1081a, kv1161a manual Placing ServSwitch CX Uno IP alongside the firewall, Ports

Page 31

Placing ServSwitch CX Uno IP alongside the firewall

ServSwitch CX Uno IP is built from the ground-up to be secure. It employs a sophisticated 128bit public/private key system that has been rigorously analysed and found to be highly secure (a security white paper is available upon request from Black Box). Therefore, you can position the ServSwitch CX Uno IP alongside the firewall and control hosts that are also IP connected within the local network.

IMPORTANT: If you make the ServSwitch CX Uno IP accessible from the public Internet, care should be taken to ensure that the maximum security available is activated. You are strongly advised to enable encryption and use a strong password. Security may be further improved by restricting client IP addresses, using a non-standard port number for access.

Ensuring sufficient security

The security capabilities offered by the ServSwitch CX Uno IP are only truly effective when they are correctly used. An open or weak password or unencrypted link can cause security loopholes and opportunities for potential intruders. For network links in general and direct Internet connections in particular, you should carefully consider and implement the following:

Ensure that encryption is enabled.

By local configuration menu or global configuration page.

Ensure that you have selected secure passwords with at least 8 characters and a mixture of upper and lower case and numeric characters.

By global configuration page.

Reserve the admin password for administration use only and use a non- admin user profile for day-to-day access.

Use the latest Secure VNC viewer (this has more in-built security than is available with the Java viewer). To download the viewer.

Use non-standard port numbers.

Restrict the range of IP addresses that are allowed to access the ServSwitch CX Uno IP to only those that you will need to use. To restrict IP access.

Do NOT Force VNC protocol 3.3.

Ensure that the computer accessing the ServSwitch CX Uno IP is clean of viruses and spyware and has up-to-date firewall and anti-virus software loaded that is appropriately configured.

Avoid accessing the ServSwitch CX Uno IP from public computers.

Security can be further improved by using the following suggestions:

Place the ServSwitch CX Uno IP behind a firewall and use the port numbers to route the VNC network traffic to an internal IP address.

Review the activity log from time to time to check for unauthorized use.

Lock your server consoles after they have been used.

A security white paper that gives further details is available upon request from Black Box.

Ports

In this configuration there should be no constraints on the port numbers because the ServSwitch CX Uno IP will probably be the only device at that IP address. Therefore, maintain the HTTP port as 80 and the VNC port as 5900.

Addressing

When the ServSwitch CX Uno IP is situated alongside the firewall, it will require a public static IP address (i.e. one provided by your Internet service provider).

More addressing information:

Discover DHCP-allocated addresses

DNS addressing

®

   



30

Image 31
Contents ServSwitch CX Uno IP Contents Further information Index Many computers Global usersSAM formats ServSwitch CX Uno IP features front and rear What you may additionally need What’s in the boxSingle unit rack brackets MountingDouble unit rack brackets SAM ConnectionsTo connect the local user port Local userFrom video monitor From USB keyboard and mouse IP network link ServSwitch CX Uno IP Front panelGlobal user IP network port To connect the Global user IP network portTo connect a computer system Computer system via SAMExceeds 40 degrees Centigrade Power in connectionTo connect the power supply Output lead from Power adapterTo connect and address the switch boxes Power control portSee also Cascading multiple unitsCascade tree Tips for successful cascading Connecting units in cascadeTo connect units in cascade Addressing computers in a cascade Using cascaded computersIt is recommended that Second SAM in each pair is a Multiple video head connectionsUSB-type and that it is plugged Host computer port/channel Video off Remote switching controlCable from serial Control device Rear panel Overall initial configuration ConfigurationInitial configuration Security To access the main menu HotkeysMain menu Menu layoutRegistering users and host computers General security and configuration stepsTo enable general security To set an Admin passwordTo clear a password and restore factory default settings What to do if the Admin password has been forgottenWhat is IP access control? Clearing IP access controlTo clear IP access control To configure the unit from a global user location Full configuration by global userServSwitch CX Uno IP encryption settings Encryption settingsViewer encryption settings Positioning ServSwitch CX Uno IP in the network Networking issuesFirewall/router address Placing ServSwitch CX Uno IP behind a router or firewallPort settings AddressingDNS addressing To discover a DHCP-allocated IP addressEnsuring sufficient security Placing ServSwitch CX Uno IP alongside the firewallPorts To control two or more ports simultaneously Power switching configurationPower control sequences To configure the power sequences for each host computerTo invoke backup/recovery mode Upgrading ServSwitch CX Uno IP modelsRecovering from a failed upgrade To upgrade ServSwitch CX Uno IP modelsFront panel indicators Accessing the ServSwitch CX Uno IPSelecting a computer Local user accessSelect Host menu here you can select computers by name To select a computer using the Select Host menuWhen choosing Standard hotkeysTo log To select a computer using mouse buttonsTo select a computer using mouse buttons Advanced method Logging in and outReminder banner To enable/disable the confirmation boxTo change banner colors or disable the banner Confirmation boxUser preferences and functions Orange dot indicators in the Select Host menuGlobal User Global user accessTo download the VNC viewer Global user access via VNC viewerTo access via the VNC viewer Enter the ServSwitch CX Uno IP address here and click OKTo access via your web browser Global user access via web browserWhen using the viewer window Using the viewer windowMenu bar To select a host ConfigureMouse pointers Host selectionRe-synchronize mouse Access mode shared/privatePower switching Auto calibrateControls Keyboard Control Enable Sun TranslationWhen entering codes Video SettingsIncreased by 50% when a slow link is detected Using automatic configurationsSetting the Threshold manually Custom Video Modes Advanced SettingsOverlap Capture If you need to enter a port number Viewer encryption settingsSupported web browsers Techhelp@blackbox.co.uk TroubleshootingWhen logging on using VNC viewer, I cannot enter a username Getting assistanceTo access the local setup menus Appendix 1 Local setup menusFunctions Power ControlRestore Standard Mouse Restore IntellimouseScreen Saver User PreferencesReminder Banner Reminder ColorSettings 1, 2, 5, 10, 30 Seconds, 1, 5, 10 Minutes Mouse SwitchingSettings Disabled 2, 5, 10,15 or 20 Minutes User TimeoutSettings Disabled, Enabled Setup OptionsIP address, net mask, VNC port, etc ConfigurationIP admin password, encryption settings, etc Completely resets the ServSwitch CX Uno IP unitUnit Configuration Network Configuration Options Port Serial ConfigurationSettings Power Control, Sync Units Settings 1200, 2400, 4800, 9600, 19200, 38400, 57600To reset the ServSwitch CX Uno IP configuration Reset ConfigurationTo access the remote configuration pages Appendix 2 Configuration pages via viewerMain configuration Logged on users User accounts Unit configuration Advanced unit configuration Time & date configuration IP Gateway Network configurationIP Access Control IP Network MaskTo edit/remove access control entries Setting IP access controlTo define a new IP access control entry To reorder access control entriesOptions Port Use Serial port configurationBaud Rate To create a new host entry Host configurationErase Host Configuration Add entry for unrecognized hostFor further details To get here Logging and statusTo copy and paste the log Syslog Server IP AddressLdap configuration Preferred encoding Appendix 3 VNC viewer connection optionsColor/Encoding Auto selectCustomize Enable all inputsDisable all inputs view-only mode InputsMisc Custom Size ScalingNo Scaling Scale to Window SizeLoad / Save Defaults ReloadDefaults Save IdentitiesAppendix 4 VNC viewer window options Encoding and color level Appendix 5 Browser viewer optionsSecurity IP addresses Appendix 6 Addresses, masks and portsNet masks Binary octet after Net masks the binary explanationOperation with net mask Binary equivalentAddress ranges Calculating the mask for IP access controlSingle locations All locationsPorts Security issues with portsSLAVE2 end 9pin D-type female Appendix 7 Cable and connector specificationsPower switch to power switch daisy chain cable 9pin D-type female 4pin RJ9Permissible key presses Appendix 8 Hotkey sequence codesCreating macro sequences Appendix 9 Supported video modes General Public License Linux Safety informationEnd user licence agreement Canadian Department of Communications RFI statement Radio Frequency EnergyEuropean EMC directive 89/336/EEC FCC Compliance Statement United StatesCertification notice for equipment used in Canada Instrucciones de seguridad Normas Oficiales Mexicanas NOM electrical safety statement Index Server Access Module connection Country Web Site/Email Phone Fax BlackBox subsidiary contact details