Network security

Auswahl Hilfen Inhaltsverzeichnis previous top next english version

Security conceptNetwork security

 

The following notes and information on safety and risks for Thin Clients apply to all units from firmware 4.0 onwards. Exceptions to this are pointed out explicitly.

 

Filtering of all TCP, UDP ports and IP protocils for incoming connections

Beginning with firmware V4.10.00 , the TCP/IP filter for incoming connections of all TCP and UDP ports with the exception of UDP port 137 (NetBIOS Name Service) is activated as a protection from hacker attacks via the network. This means that only this port is answering queries. UDP port 137 is needed for name resolution via NetBIOS and allows the in-built network scanner to identify the Thin Clients within the network. Also, all IP protocols with the exception of ICMP are being filtered. The Thin Client network diagnosis uses the ICMP Echo Request (Ping) to check the connection to a host.

 

RC4 encoding for RDP and optional 128-bit AES encoding for KVM/VNC connections.

As a standard, the encoding for KVM/VNC connections is not activated because it would result in a reduced image refresh rate. This setting is only recommended for 1:1 connections or for closed, safe networks.

 

Blocking of Thin Client System flash memory partitions to RDP drive enabling.

The RDP drive enabling is activated as a standard but only allows access to USB sticks connected to the Thin Client device; the system and configuration partitions used internally are not affected by this.

 

See also:

Kapitelseite Local Security

Kapitelseite Remaining risks

 

<< return