Black Box ServSwitch CX 用户手册
®
Placing ServSwitch CX with IP alongside the firewall
ServSwitch CX with IP is built from the ground-up to be secure. It employs a
sophisticated 128bit public/private key system that has been rigorously analysed
and found to be highly secure (a security white paper is available upon request).
Therefore, you can position the ServSwitch CX with IP alongside the firewall and
control hosts that are also IP connected within the local network.
sophisticated 128bit public/private key system that has been rigorously analysed
and found to be highly secure (a security white paper is available upon request).
Therefore, you can position the ServSwitch CX with IP alongside the firewall and
control hosts that are also IP connected within the local network.
IMPORTANT: If you make the ServSwitch CX with IP accessible from the public
Internet or from a modem, care should be taken to ensure that the maximum
security available is activated. You are strongly advised to enable encryption and
use a strong password. Security may be further improved by restricting client
IP addresses, using a non-standard port number for access or limiting remote
access to dial up connections only.
Internet or from a modem, care should be taken to ensure that the maximum
security available is activated. You are strongly advised to enable encryption and
use a strong password. Security may be further improved by restricting client
IP addresses, using a non-standard port number for access or limiting remote
access to dial up connections only.
Ensuring sufficient security
The security capabilities offered by the ServSwitch CX with IP are only
truly effective when they are correctly used. An open or weak password or
unencrypted link can cause security loopholes and opportunities for potential
intruders. For network links in general and direct Internet connections in
particular, you should carefully consider and implement the following:
The security capabilities offered by the ServSwitch CX with IP are only
truly effective when they are correctly used. An open or weak password or
unencrypted link can cause security loopholes and opportunities for potential
intruders. For network links in general and direct Internet connections in
particular, you should carefully consider and implement the following:
• Ensure that encryption is enabled.
By
or by
• Ensure that you have selected secure passwords with at least 8 characters
and a mixture of upper and lower case and numeric characters.
By
By
.
• Reserve the admin password for administration use only and use a non-
admin user profile for day-to-day access.
• Use the latest Secure VNC viewer (this has more in-built security than is
available with the Java viewer). To
• Use non-standard
.
• Restrict the range of IP addresses that are allowed to access the ServSwitch
CX with IP to only those that you will need to use. To
• Do NOT Force VNC protocol 3.3.
.
• Add a further level of inherent security by restricting access only via modem
or ISDN dialup.
• Ensure that the server accessing the ServSwitch CX with IP is clean of viruses
and spyware and has up-to-date firewall and anti-virus software loaded that
is appropriately configured.
is appropriately configured.
• Avoid accessing the ServSwitch CX with IP from public servers.
Security can be further improved by using the following suggestions:
• Place the ServSwitch CX with IP behind a firewall and use the port numbers
to route the VNC network traffic to an internal IP address.
• Review the activity log from time to time to check for unauthorised use.
• Lock your server consoles after they have been used.
• Lock your server consoles after they have been used.
A security white paper that gives further details is available upon request.
Ports
In this configuration there should be no constraints on the port numbers
because the ServSwitch CX with IP will probably be the only device at that IP
address. Therefore, maintain the HTTP port as 80 and the VNC port as 5900.
In this configuration there should be no constraints on the port numbers
because the ServSwitch CX with IP will probably be the only device at that IP
address. Therefore, maintain the HTTP port as 80 and the VNC port as 5900.
Addressing
When the ServSwitch CX with IP is situated alongside the firewall, it will require
a public static IP address (i.e. one provided by your Internet service provider).
More addressing information:
When the ServSwitch CX with IP is situated alongside the firewall, it will require
a public static IP address (i.e. one provided by your Internet service provider).
More addressing information: