Download PDF - Black Box (UK)
Download PDF - Black Box (UK)
Download PDF - Black Box (UK)
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
KVM<br />
Secure Switching<br />
ServSwitch Secure KVM Switches with USB<br />
Combat security threats with these EAL4+ tested<br />
The ServSwitch Secure KVM Switches with<br />
USB are EAL4+ certified and TEMPEST approved<br />
(except SW2008A-USB-EAL and SW4008-USB-<br />
EAL). They surpass the security profiles of most<br />
other KVM switches. These new switches have<br />
been evaluated for Common Criteria Evaluation<br />
Assurance to Level 4+ (EAL4+). Common Criteria<br />
is an international standardised process for<br />
information technology security evaluation,<br />
validation, and certification. The Common Criteria<br />
scheme is supported by the National Security<br />
Agency through the National Information<br />
Assurance Program (NIAP).<br />
The ServSwitch Secure KVM Switches with<br />
USB provide control and separation of up to<br />
four PCs connected to secure and unsecure<br />
networks through just one keyboard, monitor,<br />
and mouse. Users can safely switch among as<br />
many as four computers operating at different<br />
classification levels without worry.<br />
Features include:<br />
• High port-to-port electrical isolation, which<br />
facilitates data separation (RED/BLACK).<br />
• The low radiated emissions profile meets<br />
the appropriate national requirements.<br />
• Switches are permanently hard wired,<br />
preventing access from one CPU or<br />
network to the others.<br />
• External tamper-evident seals.<br />
• Channel-to-channel 60-dB crosstalk isolation<br />
protects against signal snooping.<br />
• Supports DVI-I video, which is DC balanced<br />
and may be encoded for security.<br />
• Provides robust isolation between networks,<br />
so they’re ideal for government applications<br />
that access classified networks in addition<br />
to public networks such as the Internet.<br />
• WARRANTY — 2 Years.<br />
Why ServSwitch Secure KVM<br />
Switches with USB?<br />
1. Prevent data leaking between<br />
ports and to the outside world.<br />
2. Prevent sensitive data from being<br />
stored in the device.<br />
3. Prevent electronic snooping.<br />
C<br />
Threats/Solutions<br />
1. Prevent data leaking between<br />
ports and to the outside world.<br />
Threat: Microprocessor malfunction or<br />
unanticipated software bugs cause<br />
data to flow between ports.<br />
Solution: Unidirectional keyboard and mouse<br />
data flow is enforced by hardware “data<br />
diodes” so data isolation doesn’t rely on<br />
software integrity. This makes it impossible<br />
for the computer to send data along the<br />
keyboard and mouse signaling channel. This<br />
advanced design also ensures data isolation<br />
through hardware and prevents the keyboard<br />
and mouse interfaces from becoming covert<br />
computer-to-computer signaling channels<br />
because of software holes or unanticipated<br />
bugs.<br />
In addition, keyboard and mouse devices<br />
can only be enumerated at the keyboard and<br />
mouse ports. Any other USB peripherals, such<br />
as a USB thumb drive, will be inhibited from<br />
operating, preventing any uploading or<br />
downloading of data.<br />
Threat: Physical proximity between ports<br />
enables data leakage.<br />
Solution: Isolation is improved by placing<br />
the red and black ports at the opposite<br />
edges of the switch.<br />
Threat: Accidental port switching.<br />
Solution: Locked-down operation disables<br />
all keyboard hotkey and mouse switching<br />
functions in both software and hardware<br />
so that data corruption can’t inadvertently<br />
cause an unanticipated channel change.<br />
The only way to change the channel is<br />
with the front-panel keys. There is only one<br />
button per channel, so channel selection is<br />
clear. Colour-coded visual feedback confirms<br />
the channel selection.<br />
Threat: Signaling by shorting the power supply<br />
or loading the power.<br />
Solution: Each port is independently powered<br />
by its USB port. Shorting the power supply<br />
on one port will not cause the power on the<br />
other ports to be switched off. The shared<br />
keyboard, mouse, and monitor circuitry are<br />
powered by the power supply. The lack of a<br />
common power supply minimises electronic<br />
signaling.<br />
Threat: Detection of signals on one computer by<br />
monitoring for crosstalk (leakage) signals on<br />
another computer.<br />
Solution: Minimum crosstalk separation of<br />
60 dB provided between signals from one<br />
computer and input or I/O signals to another.<br />
There are no connections to sensitive<br />
analogue inputs, such as computer<br />
microphone ports. Microphone circuitry<br />
enables sensitive recording of small analogue<br />
signals. Even very low crosstalk levels could be<br />
recorded and act as a means by which a<br />
non-selected computer could read data being<br />
sent to another computer.<br />
Threat: Timing analysis attacks (looking at<br />
what happens on one port to determine<br />
data flow patterns on another).<br />
Solution: Only one computer is connected<br />
at a time to any shared circuitry. Links are<br />
unidirectional, preventing timing analysis.<br />
Threat: Electromagnetic emissions.<br />
Solution: Special low emissions cables are used<br />
to minimise radiated electromagnetic signal<br />
leakage. Filtered power connections minimise<br />
emissions down the power lines.<br />
2<br />
Tech Support: 0118 965 6000 | Sales: 0118 965 6150