User guide
Placing AdderLink IP Gold alongside the firewall
AdderLink IP Gold is built from the ground up to be secure. It employs a
sophisticated 128-bit public/private key system that has been rigorously analysed
and found to be highly secure (a security white paper is available upon request
from Adder Technology Ltd). Therefore, you can position the AdderLink IP Gold
alongside the firewall and control hosts that are also IP connected within the
local network.
IMPORTANT: If you make the AdderLink IP Gold accessible from the public
Internet or from a modem, care should be taken to ensure that the maximum
security available is activated. You are strongly advised to enable encryption and
use a strong password. Security may be further improved by restricting client
IP addresses, using a non-standard port number for access or limiting remote
access to dial up connections only.
Ensuring sufficient security
The security capabilities offered by the AdderLink IP Gold are only truly effective
when they are correctly used. An open or weak password or unencrypted link
can cause security loopholes and opportunities for potential intruders. For
network links in general and direct Internet connections in particular, you should
carefully consider and implement the following:
• Ensure that encryption is enabled.
By local configuration or by remote configuration.
• Ensure that you have selected secure passwords with at least 8 characters
and a mixture of upper and lower case and numeric characters.
By remote configuration.
• Reserve the admin password for administration use only and use a non-
admin user profile for day-to-day access.
• Use the latest Secure VNC viewer (this has more in-built security than is
available with the Java viewer). To download the viewer.
• Use non-standard port numbers.
• Restrict the range of IP addresses that are allowed to access the AdderLink IP
Gold to only those that you will need to use. To restrict IP access.
• Do NOT Force VNC protocol 3.3. Remote configuration. Protocol 3.3 is a
legacy version that does not offer any encryption.
• Add a further level of inherent security by restricting access only via modem
or ISDN dialup.
• Ensure that the computer accessing the AdderLink IP Gold is clean of viruses
and spyware and has up-to-date firewall and anti-virus software loaded that
is appropriately configured.
• Avoid accessing the AdderLink from public computers.
Security can be further improved by using the following suggestions:
• Use a KVM switch with On-Screen-Display driven security access and an
auto-logout (after inactivity) feature to provide a second level of security. KVM
switches such as the AdderView Matrix or SmartView XPro are recommended.
• Place the AdderLink IP Gold behind a firewall and use the port numbers to
route the VNC network traffic to an internal IP address.
• Review the activity log from time to time to check for unauthorized use.
• Lock your server consoles after they have been used.
A security white paper that gives further details is available upon request from
Adder Technology Limited.
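As an added illustration (not code from Adder or from this guide), the following Python code checks a settings record against the points listed above and reports each one that is not met. The record's field names and the sample values are assumptions constructed for the example; they are not the AdderLink IP Gold's own configuration format.

```python
import ipaddress
import re

# Hypothetical settings record: the field names are assumptions made for this
# example, and the values are constructed sample data.
SAMPLE = {
    "encryption_enabled": True,
    "force_vnc_3_3": False,
    "passwords": {"admin": "Str0ngPass", "operator": "weak"},
    "daily_user": "admin",
    "allowed_clients": ["0.0.0.0/0"],
}

def password_ok(pw):
    """At least 8 characters with upper case, lower case and numeric characters."""
    return (len(pw) >= 8
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None)

def audit(cfg):
    """Return a list of checklist items that the settings record does not meet."""
    findings = []
    if not cfg.get("encryption_enabled"):
        findings.append("encryption is not enabled")
    if cfg.get("force_vnc_3_3"):
        findings.append("VNC protocol 3.3 is forced (no encryption)")
    for user, pw in sorted(cfg.get("passwords", {}).items()):
        if not password_ok(pw):
            findings.append(f"password for '{user}' does not meet the guideline")
    if cfg.get("daily_user") == "admin":
        findings.append("admin profile is used for day-to-day access")
    # An empty allow list or a /0 network means any client address may connect.
    nets = [ipaddress.ip_network(n) for n in cfg.get("allowed_clients", [])]
    if not nets or any(n.prefixlen == 0 for n in nets):
        findings.append("client IP addresses are not restricted")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```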
Ports
In this configuration there should be no constraints on the port numbers
because the AdderLink IP Gold will probably be the only device at that IP
address. Therefore, maintain the HTTP port as 80 and the VNC port as 5900.
Addressing
When the AdderLink IP Gold is situated alongside the firewall, it will require a
public static IP address (i.e. one provided by your Internet service provider).
More addressing information:
Discover DHCP-allocated addresses
DNS addressing