iPGARD Secure KVM Administration and Security Management Tool User Guide

IPGard Secure KVM Administration and Security Management Tool Guide (CAC)

DESIGNED AND MADE IN USA

Release Date: February 11th, 2021
Version:        1.1

Prepared By: Albert Cohen
Prepared For: IPGard

1. OVERVIEW

The Administration and Security Management Tool was designed by IPGARD to allow identified and authenticated users and system administrators to perform the following management activities on IPGARD Secure KVM switch devices:

Table 1: User/Administrator Function Permissions

An authenticated User and authenticated Administrator are both considered types of administrators for the purposes of compliance with version 4.0 of the Protection Profile (PP) for Peripheral Sharing Device (PSD), to which this product claims conformance.

This guide outlines the required information to operate each function in the above table.

2. INTENDED AUDIENCE

The information in this document is for authorized system administrators or users. If the product does not behave in the manner specified by this document, please contact IPGARD technical support at support@IPGARD.com.

3. SYSTEM REQUIREMENTS

• The IPGARD Secure KVM switch is compatible with standard personal/portable computers, servers or thin-clients, running operating systems such as Windows or Linux.
  The Administration and Security Management Tool can only run on Windows. The supported versions are Windows XP, 7, 8, and 10. Version 2.0 or later of the .NET framework is also required.

• The peripheral devices that supported by the KVM TOE are listed in the following table:

composite device functions, unless the connected device has at least one endpoint which is a keyboard or mouse HID class
Display| Display device (e.g., monitor, projector) that uses an interface that is physically and logically compatible with the TOE ports (DVI-I, HDMI, or DisplayPort, depending on model)
Audio out| Analog amplified speakers, Analog headphones
Mouse / Pointing Device| Any wired mouse or trackball without internal USB hub or composite device functions
User Authentication Device| USB devices identified as user authentication (base class 0Bh, e.g., Smart-card reader, PIV/CAC reader, Token, or Biometric reader)

Table 2: Peripheral Devices supported by the KVM TOE

4. SYSTEM SETUP

Note: Only one computer connected to the KVM port 1 is required for any activity in this guide.

• Ensure that device power is turned off or disconnected from the unit and the computer.
• Using USB cable Type-A to Type-B connect the PC to the device host K/M port 1. Connect a second USB cable Type-A to Type-B between the PC and the KVM if CAC port configuration is also required.
• Connect a USB keyboard and mouse in the two USB console ports.
• Connect the appropriate video cable between the PC and the KVM video 1 port.
• Connect the monitor to the KVM console video output connector.
• Power up the PC and the device.
• Download the Administration and Security Management Tool from the following link to the PC – http://ipgard.com/tools-software/
• Run the Administration and Security Management Tool executable file. Figure 1 below is a screenshot of the tool you should be seeing on your screen.

Figure 1: Administration and Security Management Tool

5. INITIATE SESSION

• Using the keyboard, press “Alt Alt cnfg”
• At this stage the mouse connected to the device will stop functioning.
• Figure 2 below is a screenshot of the tool you should be seeing on your screen.

Figure 2: Initiate Session Capture

6. USER FUNCTIONS

6.1. User -­ Log-in

• Enter the default username “user” and press Enter.
• Enter the default password “12345” and press Enter.
• Figure 3 below is a screenshot of the tool you should be seeing on your screen.

Figure 3: User Log-in

6.2. User ­- CAC Port Configuration

CAC (Common Access Card) port configuration is an optional feature, allowing registration of any specific USB peripheral to operate with the device. Only one peripheral can be registered at a time and only the registered peripheral will operate with the device. By default, when no peripheral is registered, the device will operate with any Smart Card Reader.

Be advised, this CAC port is intended to be used solely for specific User Authentication Devices listed in Table 2. Misusing the KVM by registering any other USB device is beyond the scope of the Protection Profile 4.0 approved by NIAP.

• Select option 2 from the menu on your screen and press Enter.
• Connect the peripheral device to be registered to the CAC USB port in the console side of the device and wait until the device is reading the new peripheral information.
• The device will list the information of the connected peripheral on the screen and buzz 3 times when registration is completed.
• Figure 4 below is a screenshot of the tool you should be seeing on your screen. A USB Smart Card Reader was registered to the CAC port in this example:

Figure 4: User CAC Port Registration

6.3. User -­ View Registered CAC Peripheral

• Select option 1 from the menu on your screen and press Enter.
• Figure 5 below is a screenshot of the tool you should be seeing on your screen. A USB Smart Card Reader is registered to the CAC port in this example:

Figure 5: User View Registered CAC Peripheral

6.4. User ­- Terminate Session

• Press “Esc Esc”.
• Figure 6 below is a screenshot of the tool you should be seeing on your screen.

Figure 6: Terminate Session

7 Administrator Functions

7.1 Administrator ­- Log-in

• Enter the default username “admin” and press Enter.
• Enter the default password “12345” and press Enter.
• Figure 7 below is a screenshot of the tool you should be seeing on your screen.

Figure 7: Administrator Log-in

7.2 Administrator ­- CAC Port Configuration

CAC (Common Access Card) port configuration is an optional feature, allowing registration of any specific USB peripheral to operate with the device. Only one peripheral can be registered at a time and only the registered peripheral will operate with the device. By default, when no peripheral is registered, the device will operate with any Smart Card Reader.

• Select option 4 from the menu on your screen and press Enter.
• Connect the peripheral device to be registered to the CAC USB port in the console side of the device and wait until the device is reading the new peripheral information.
• The device will list the information of the connected peripheral on the screen and buzz 3 times when registration is completed.
• Figure 8 below is a screenshot of the tool you should be seeing on your screen. A USB Smart Card Reader was registered to the CAC port in this example:

Figure 8: Admin CAC Port Registration

7.3 Administrator -­ View Registered CAC Peripheral

• Select option 3 from the menu on your screen and press Enter.
• Figure 9 below is a screenshot of the tool you should be seeing on your screen. A USB Smart Card Reader is registered to the CAC port in this example:

Figure 9: Admin View Registered CAC Peripheral

7.4 Administrator ­- Change User Credentials

• Select option 1 from the menu on your screen and press Enter.
• Enter the new User ID and press Enter.
• Enter the new User ID again and press Enter.
• Enter the new User password and press Enter.
• Enter the new User password again and press Enter.
• Figure 10 below is a screenshot of the tool you should be seeing on your screen.

Figure 10: Admin Change User Credentials

7.5 Administrator -­ Change Administrator Credentials

• Select option 2 from the menu on your screen and press Enter.
• Enter the new Administrator ID and press Enter.
• Enter the new Administrator ID again and press Enter.
• Enter the new Administrator password and press Enter.
• Enter the new Administrator again and press Enter.
• Figure 11 below is a screenshot of the tool you should be seeing on your screen.

Figure 11: Admin Change Admin Credentials

7.6 Administrator -­ Event Log (auditing)

Event Log is a detailed report of critical activities stored in the device memory. The internal clock of the KVM is used to print out timestamps for each event in the log. The internal battery of the KVM ensures the clock is always active and allows for accurate time recordings for all events. The initial date is inputted into each KVM manually at the time of manufacturing. The following steps provide instructions for dumping the log by identified and authenticated administrator.

• Select option 5 from the menu on your screen and press Enter.
• The last 10 events will be presented in the log as shown in Figure 12 below:

Figure 12: Sample Log

• Press the Enter key to see the previous 10 events. This can be repeated for up to the most recent 100 events.

• The Log header includes the following information:
  o Unit’s Model
  o Unit’s S/N
  o Anti-tamper switch status
  o Manufacturing Site
  o Manufacturing Date
  o Anti-tamper Arming Date
  o Number of current records in the Log

• The log data may include events with any of the codes shown in Figure 13 below:

Figure 13: Event Codes

7.7 Administrator ­- Restore Factory Defaults

• Select option 6 from the menu on your screen and press enter.
• The following menu will be presented (see Figure 15 below):

Figure 14: Restore Factory Defaults

The unit will perform power reset automatically. All system defaults will be restored and any registered CAC devices will be cleared.

7.8 Administrator ­- Terminate Session

Press “Esc Esc”.

References

• Tools & Software | IPGARD

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>