Security

Question

Answer

Is the Dominion KX III FIPS 140-2 Certified?

The Dominion KX III uses an embedded FIPS 140-2 validated cryptographic module running on a Linux platform per FIPS 140-2 implementation guidelines. This cryptographic module is used for encryption of KVM session traffic consisting of video, keyboard, mouse, virtual media and smart card data.

What kind of encryption does Dominion KX III use?

Dominion KX III uses industry-standard (and extremely secure) 256-bit AES, 128-bit AES or 128-bit encryption, both in its SSL communications as well as its own data stream. Literally no data is transmitted between remote clients and Dominion KX III that is not completely secured by encryption.

Does Dominion KX III support AES encryption as recommended by the U.S. government’s NIST and FIPS standards?

Yes. The Dominion KX III utilizes the Advanced Encryption Standard (AES) for added security. 256-bit and 128-bit AES is available.

AES is a U.S. government-approved cryptographic algorithm that is recommended by the National Institute of Standards and Technology (NIST) in the FIPS Standard 197.

Does Dominion KX III allow encryption of video data? Or does it only encrypt keyboard and mouse data?

Unlike competing solutions, which only encrypt keyboard and mouse data, Dominion KX III does not compromise security – it allows encryption of keyboard, mouse, video and virtual media data.

How does Dominion KX III integrate with external authentication servers such as Active Directory, RADIUS or LDAP?

Through a very simple configuration, Dominion KX III can be set to forward all authentication requests to an external server such as LDAP, Active Directory or RADIUS. For each authenticated user, Dominion KX III receives from the authentication server the user group to which that user belongs. Dominion KX III then determines the user’s access permissions depending on the user group to which he or she belongs.

How are usernames and passwords stored?

Should Dominion KX III’s internal authentication capabilities be used, all sensitive information, such as usernames and passwords, is stored in an encrypted format. Literally no one, including Raritan technical support or product engineering departments, can retrieve those usernames and passwords.

Does Dominion KX III support strong passwords?

Yes. The Dominion KX III has administrator-configurable, strong password checking to ensure that user-created passwords meet corporate and/or government standards and are resistant to brute force hacking.

Can I upload my own digital certificate to the Dominion KX IIKX IIII?

Yes. Customers can upload self-signed or certificate authority-provided digital certificates to the Dominion KX III for enhanced authentication and secure communication.

Does the KX III support a configurable security banner?

Yes. For government, military and other security-conscious customers requiring a security message before user login, the KX III can display a user-configurable banner message and optionally require acceptance.

My security policy does not allow the use of standard TCP port numbers. Can I change them?

Yes. For customers wishing to avoid the standard TCP/IP port numbers to increase security, the Dominion KX III allows the administrator to configure alternate port numbers.

See Also

Frequently Asked Questions

General FAQs

Remote Access

Universal Virtual Media

Bandwidth and KVM-over-IP Performance

IPv6 Networking

Servers

Blade Servers

Installation

Local Port - KX IIII

Extended Local Port

Dual Power Supplies

Intelligent Power Distribution Unit (PDU) Control

Ethernet and IP Networking

Local Port Consolidation, Tiering and Cascading

Computer Interface Modules (CIMs)

Smart Cards and CAC Authentication

Manageability

Documentation and Support

Miscellaneous