Black Box kv1081a, kv1161a, servswitch cx uno ip Placing ServSwitch CX Uno IP alongside the rewall

 









Placing ServSwitch CX Uno IP alongside the ﬁrewall

ServSwitch CX Uno IP is built from the ground-up to be secure. It employs a

sophisticated 128bit public/private key system that has been rigorously analysed

and found to be highly secure (a security white paper is available upon request

from Black Box). Therefore, you can position the ServSwitch CX Uno IP alongside

the ﬁrewall and control hosts that are also IP connected within the local

network.

IMPORTANT: If you make the ServSwitch CX Uno IP accessible from the public

Internet, care should be taken to ensure that the maximum security available

is activated. You are strongly advised to enable encryption and use a strong

password. Security may be further improved by restricting client IP addresses,

using a non-standard port number for access.

Ensuring sufﬁcient security

The security capabilities offered by the ServSwitch CX Uno IP are only truly

effective when they are correctly used. An open or weak password or

unencrypted link can cause security loopholes and opportunities for potential

intruders. For network links in general and direct Internet connections in

particular, you should carefully consider and implement the following:

• Ensure that encryption is enabled.

By local conﬁguration menu or global conﬁguration page.

• Ensure that you have selected secure passwords with at least 8 characters

and a mixture of upper and lower case and numeric characters.

By global conﬁguration page.

• Reserve the admin password for administration use only and use a non-

admin user proﬁle for day-to-day access.

• Use the latest Secure VNC viewer (this has more in-built security than is

available with the Java viewer). To download the viewer.

• Use non-standard port numbers.

• Restrict the range of IP addresses that are allowed to access the ServSwitch

CX Uno IP to only those that you will need to use. To restrict IP access.

• Do NOT Force VNC protocol 3.3.

• Ensure that the computer accessing the ServSwitch CX Uno IP is clean of

viruses and spyware and has up-to-date ﬁrewall and anti-virus software

loaded that is appropriately conﬁgured.

• Avoid accessing the ServSwitch CX Uno IP from public computers.

Security can be further improved by using the following suggestions:

• Place the ServSwitch CX Uno IP behind a ﬁrewall and use the port numbers

to route the VNC network trafﬁc to an internal IP address.

• Review the activity log from time to time to check for unauthorized use.

• Lock your server consoles after they have been used.

A security white paper that gives further details is available upon request from

Black Box.

Ports

In this conﬁguration there should be no constraints on the port numbers

because the ServSwitch CX Uno IP will probably be the only device at that IP

address. Therefore, maintain the HTTP port as 80 and the VNC port as 5900.

Addressing

When the ServSwitch CX Uno IP is situated alongside the ﬁrewall, it will require

a public static IP address (i.e. one provided by your Internet service provider).

More addressing information:

Discover DHCP-allocated addresses

DNS addressing