Placing CPU IP alongside the firewall
CPU IP is built from the
IMPORTANT: If you make the CPU IP accessible from the public Internet or from a modem, care should be taken to ensure that the maximum security available is activated. You are strongly advised to enable encryption and use a strong password. Security may be further improved by restricting client IP addresses, using a
Ensuring sufficient security
The security capabilities offered by the CPU IP are only truly effective when they are correctly used. An open or weak password or unencrypted link can cause security loopholes and opportunities for potential intruders. For network links in general and direct Internet connections in particular, you should carefully consider and implement the following:
•Ensure that encryption is enabled.
By local configuration or by remote configuration.
•Ensure that you have selected secure passwords with at least 8 characters and a mixture of upper and lower case and numeric characters.
By remote configuration.
•Reserve the admin password for administration use only and use a non- admin user profile for
•Use the latest Secure VNC viewer (this has more
•Use
•Restrict the range of IP addresses that are allowed to access the CPU IP to only those that you will need to use. To restrict IP access.
•Do NOT Force VNC protocol 3.3. Remote configuration.
•Add a further level of inherent security by restricting access only via modem or ISDN dialup.
•Ensure that the computer accessing the CPU IP is clean of viruses and spyware and has
•Avoid accessing the CPU IP from public computers.
Security can be further improved by using the following suggestions:
•Use a KVM switch with
•Place the CPU IP behind a firewall and use port the numbers to route the VNC network traffic to an internal IP address.
•Review the activity log from time to time to check for unauthorized use.
•Lock your server consoles after they have been used.
A security white paper that gives further details is available upon request from
LINDY.
Ports
In this configuration there should be no constraints on the port numbers because the CPU IP will probably be the only device at that IP address. Therefore, maintain the HTTP port as 80 and the VNC port as 5900.
Addressing
When the CPU IP is situated alongside the firewall, it will require a public static IP address (i.e. one provided by your Internet service provider).
More addressing information:
Discover
DNS addressing
19