User guide

ManualsBrandsLindy ManualsData Input Devices39356

 









Placing the MC5-IP alongside the rewall

MC5-IP is built from the ground-up to be secure. It employs a sophisticated

128bit public/private key system that has been rigorously analysed and found

to be highly secure (a security white paper is available upon request). Therefore,

you can position the MC5-IP alongside the rewall and control hosts that are

also IP connected within the local network.

IMPORTANT: If you make the MC5-IP accessible from the public Internet or from

a modem, care should be taken to ensure that the maximum security available

is activated. You are strongly advised to enable encryption and use a strong

password. Security may be further improved by restricting client IP addresses,

using a non-standard port number for access or limiting remote access to dial up

connections only.

Ensuring sufcient security

The security capabilities offered by the MC5-IP are only truly effective when they

are correctly used. An open or weak password or unencrypted link can cause

security loopholes and opportunities for potential intruders. For network links

in general and direct Internet connections in particular, you should carefully

consider and implement the following:

• Ensure that encryption is enabled.

By standard conguration menu or by conguration page via viewer.

• Ensure that you have selected secure passwords with at least 8 characters

and a mixture of upper and lower case and numeric characters.

By conguration page via viewer.

• Reserve the admin password for administration use only and use a non-

admin user prole for day-to-day access.

• Use the latest Secure VNC viewer (this has more in-built security than is

available with the Java viewer). To download the viewer.

• Use non-standard port numbers.

• Restrict the range of IP addresses that are allowed to access the MC5-IP to

only those that you will need to use. To restrict IP access.

• Do NOT Force VNC protocol 3.3. Conguration page via viewer.

• Add a further level of inherent security by restricting access only via modem

or ISDN dialup.

• Ensure that the computer accessing the MC5-IP is clean of viruses and

spyware and has up-to-date rewall and anti-virus software loaded that is

appropriately congured.

• Avoid accessing the MC5-IP from public computers.

Security can be further improved by using the following suggestions:

• Place the MC5-IP behind a rewall and use the port numbers to route the

VNC network trafc to an internal IP address.

• Review the activity log from time to time to check for unauthorised use.

• Lock your server consoles after they have been used.

A security white paper that gives further details is available upon request.

Ports

In this conguration there should be no constraints on the port numbers

because the MC5-IP will probably be the only device at that IP address.

Therefore, maintain the HTTP port as 80 and the VNC port as 5900.

Addressing

When the MC5-IP is situated alongside the rewall, it will require a public static

IP address (i.e. one provided by your Internet service provider).

More addressing information:

Discover DHCP-allocated addresses

DNS addressing