Security Features - HighSecLabs K304 User Manual

Security Features

HSL Secure KM Switch is the most advanced and secure commercially
available KM Switch available today. Below is a summary of some of
the security features incorporated into the product.
Unidirectional Data Paths
Optical diodes used to enforce unidirectional data flow from the
peripheral devices to computers preventing potential leakage paths
between computers even in the severe threat of two infected
computers attacking the KM.
No Shared Resources
This KM Switch designed to securely operate even when peripheral
devices are vulnerable to signaling attacks. This KM Switch does not
allow computer access to any shared resource and does not share
controllable power sources.
Dedicated Processors for Emulation
The Switch features a dedicated processor per computer port to
emulate peripheral devices. This keeps each computer running on
different security levels physically separated and secure at all times,
and prevents any unintended data leakage between computers.
Non-Reprogrammable Firmware
The Switch features custom firmware that is not reprogrammable,
preventing the ability to remotely attack the KM control logic.
3
4 & 8 port Secure KM Switch User Manual
USB Ports Protection
Console USB ports are protected from the use of storage and other
unsafe USB devices through strong filtering (independent of
computer protection means). Unqualified devices are rejected when
connected to the Switch. Only mouse and keyboard data are passed
through.
Heavy-duty Steel Enclosure
HSL Secure KM Switches uses thick steel components to protect the
product from physical tampering and to minimize radiated
electromagnetic emissions that can be snooped or intercepted.
Active Always-On Anti-Tamper
Active chassis anti-tamper system prevents the KM electronic
circuitry from being accessed and tampered with by permanently
disabling the product once tampering is detected.
Holographic Tamper-Evident Labels
Four serially numbered holographic security tamper-evident labels
are placed on the enclosure surface to provide a visual indication if
the Switch has been opened or compromised.
Dedicated Peripheral Port (K304E)
HSL patented Dedicated Peripheral Ports enables secure use of CAC
or smart-card readers leveraging security.
Common Criteria Listing
The Switch is listed by the Common Criteria organization.