Secure KVM Switch

Posted on December 31, 2024 by KVMGalore

When using a KVM switch to control computers that belong to different security classification levels, the KVM switch may become a mediator that shares compromised / untrusted / unauthorized peripheral devices.

Such a KVM switch may be exploited for data leakage, signaling attacks and malicious code distribution across all the computers that are controlled by the KVM switch.

A secure KVM switch is the only solution for safe peripheral sharing between computers. A secure KVM switch is designed and built to protect against data leakage and malicious code attacks through shared USB, keyboard, mouse and audio peripherals by maintaining full isolation between the connected computers.

A secure KVM switch offers a number of building blocks that provide such isolation and add security not offered by non-secure KVM switches:
Display Protection: Video input interface isolation through the use of different power and ground planes, different electronic components and different emulated EDID chips per channel.
Audio Protection: Audio data flow path electrical isolation and unidirectional data diodes that allow sound to travel only in one direction from the PC to the speaker.
Keyboard and Mouse Protection: Accept only USB HID devices (keyboards and mice), ruling out all others. Unidirectional data diodes that allow data to travel only in one direction from the devices to the computer.
USB Threats Protection: Protect against data leakage, signaling and virus injection by completely blocking unauthorized USB devices and traffic.
Biometric/Smart-Card Reader Support: Support user authentication across multiple isolated computers through the use of CAC readers.
Hardware Tampering Protection: Using tamper-proof electrical design with an internal anti-tampering subsystem that triggers when the product chassis is tampered with. Protect against unauthorized opening using serialized holographic labels that provide visual indication of tampering attempts.
Firmware Tampering Protection: Using ROM (read-only memory) and one-time-programmable (OTP) microprocessors. Prevent data storage inside the product by having no memory buffers.
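
The HID-only rule under Keyboard and Mouse Protection can be modeled in software as an allow-list over a device's USB configuration descriptor. The sketch below is an added illustration, not code from this page or from any KVM vendor. It assumes a policy stricter than the page states (every interface must be a boot-protocol keyboard or mouse), and the sample descriptors are constructed.

```python
# Added illustration, not vendor firmware: HID-only allow-list over a USB
# configuration descriptor. Boot-protocol requirement is an assumption.
USB_DT_INTERFACE = 0x04
HID_CLASS, BOOT_SUBCLASS = 0x03, 0x01
ALLOWED_PROTOCOLS = {0x01: "keyboard", 0x02: "mouse"}

def iter_descriptors(blob):
    """Yield (bDescriptorType, raw bytes) for each descriptor in the blob."""
    offset = 0
    while offset < len(blob):
        length = blob[offset]
        if length < 2 or offset + length > len(blob):
            raise ValueError("malformed descriptor at offset %d" % offset)
        yield blob[offset + 1], blob[offset:offset + length]
        offset += length

def classify(config_descriptor):
    """Return (allowed, reason); every interface must be a boot keyboard or mouse."""
    roles = []
    try:
        for dtype, raw in iter_descriptors(config_descriptor):
            if dtype != USB_DT_INTERFACE:
                continue
            if len(raw) < 9:
                return False, "short interface descriptor"
            number, cls, sub, proto = raw[2], raw[5], raw[6], raw[7]
            if (cls, sub) != (HID_CLASS, BOOT_SUBCLASS) or proto not in ALLOWED_PROTOCOLS:
                return False, "interface %d rejected: class 0x%02x" % (number, cls)
            roles.append(ALLOWED_PROTOCOLS[proto])
    except ValueError as exc:  # fail closed on anything that does not parse
        return False, str(exc)
    return (True, "+".join(roles)) if roles else (False, "no interfaces")

# Constructed sample descriptors (not captured from real devices).
_KBD_IF = [9, 4, 0, 0, 1, 3, 1, 1, 0,              # interface 0: HID boot keyboard
           9, 0x21, 0x11, 0x01, 0, 1, 0x22, 63, 0,  # HID class descriptor
           7, 5, 0x81, 3, 8, 0, 10]                 # interrupt IN endpoint
KEYBOARD = bytes([9, 2, 34, 0, 1, 1, 0, 0xA0, 50] + _KBD_IF)
COMPOSITE = bytes([9, 2, 57, 0, 2, 1, 0, 0x80, 50] + _KBD_IF +
                  [9, 4, 1, 0, 2, 8, 6, 0x50, 0,    # interface 1: mass storage
                   7, 5, 0x82, 2, 64, 0, 0,
                   7, 5, 0x02, 2, 64, 0, 0])

if __name__ == "__main__":
    for name, blob in (("keyboard", KEYBOARD), ("composite", COMPOSITE),
                       ("truncated", KEYBOARD[:-3])):
        print(name, classify(blob))
```

The composite sample shows why the check must cover every interface: a device that presents a valid keyboard interface alongside a storage interface is rejected as a whole.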

Common Criteria Certification
The National Information Assurance Partnership (NIAP), officially known as the NIAP Common Criteria Evaluation and Validation Scheme for IT Security, is a program established by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) to evaluate IT product conformance to the Common Criteria standard. It is responsible for U.S. implementation of the Common Criteria.
