User guide
Dominion KX II – Frequently Asked Questions
© 2012 Raritan Inc. Page 16 of 18 V1098 R6 May 2012
Does Dominion KX II
support AES encryption as
recommended by the U.S.
government’s NIST and
FIPS standards?
Yes. The Dominion KX II utilizes the Advanced Encryption Standard (AES) for
added security. 256-bit and 128-bit AES is available.
AES is a U.S. government-approved cryptographic algorithm that is
recommended by the National Institute of Standards and Technology (NIST) in
the FIPS Standard 197.
Does Dominion KX II allow
encryption of video data? Or
does it only encrypt
keyboard and mouse data?
Unlike competing solutions, which only encrypt keyboard and mouse data,
Dominion KX II does not compromise security – it allows encryption of keyboard,
mouse, video and virtual media data.
How does Dominion KX II
integrate with external
authentication servers such
as Active Directory,
RADIUS or LDAP?
Through a very simple configuration, Dominion KX II can be set to forward all
authentication requests to an external server such as LDAP, Active Directory or
RADIUS. For each authenticated user, Dominion KX II receives from the
authentication server the user group to which that user belongs. Dominion KX II
then determines the user’s access permissions depending on the user group to
which he or she belongs.
How are usernames and
passwords stored?
Should Dominion KX II’s internal authentication capabilities be used, all
sensitive information, such as usernames and passwords, is stored in an
encrypted format. Literally no one, including Raritan technical support or product
engineering departments, can retrieve those usernames and passwords.
Does Dominion KX II
support strong passwords?
Yes. The Dominion KX II has administrator-configurable, strong password
checking to ensure that user-created passwords meet corporate and/or
government standards and are resistant to brute force hacking.
Can I upload my own digital
certificate to the Dominion
KX II?
Yes. Customers can upload self-signed or certificate authority-provided digital
certificates to the Dominion KX II for enhanced authentication and secure
communication.
Does the KX II support a
configurable security
banner?
Yes. For government, military and other security-conscious customers requiring
a security message before user login, the KX II can display a user-configurable
banner message and optionally require acceptance.
My security policy does not
allow the use of standard
TCP port numbers. Can I
change them?
Yes. For customers wishing to avoid the standard TCP/IP port numbers to
increase security, the Dominion KX II allows the administrator to configure
alternate port numbers.
Smart Cards and CAC Authentication
Does Dominion KX II
support smart card and
CAC authentication?
Yes. Smart cards and DoD common access cards (CAC) authentication to
target servers is supported by Release 2.1.10 and greater.
What is CAC?
Mandated by Homeland Security Presidential Directive 12 (HSPD-12), CAC is a
type of smart card created by the U.S. government and used by U.S. military
and government staff. The CAC card is a multitechnology, multipurpose card;
the goal is to have a single identification card. For more information, see the
FIPS 201 standards.
Which KX II models support
smart cards/CAC?
All Dominion KX II models are supported. The Dominion KSX II and
KX II-101 do not currently support smart cards and CAC.
Do enterprise and SMB
customers use smart cards,
too?
Yes. However, the most aggressive deployment of smart cards is in the U.S.
federal government.
Which CIMs support
smart card/CAC?
The D2CIM-DVUSB, D2CIM-DVUSB-DVI, D2CIM-DVUSB-HDMI and D2CIM-
DVUSB-DP are the required CIMs.