Section 2 - Overview; Security Features - HighSecLabs K202B User Manual

Section 2 - Overview

Security Features

HSL Secure KVM Switch is the most advanced and secure
commercially available KVM Switch available today. This product is a
derivative of high security KVM product used in newest NATO
nuclear submarines. Below is a summary of some of the security
features incorporated into the product.
Unidirectional Data Paths
Optical diodes used to enforce unidirectional data flow from the
peripheral devices to computers preventing potential leakage paths
between computers even in the severe threat of two infected
computers attacking the KVM.
No Shared Resources
This KVM Switch designed to securely operate even when
peripheral devices are vulnerable to signaling attacks. This KVM
Switch does not allow computer access to any shared resource and
does not share controllable power sources.
Dedicated Processors for Emulation
The Switch features a dedicated processor per computer port to
emulate peripheral devices. This keeps each computer running on
different security levels physically separated and secure at all times,
and prevents any unintended data leakage between computers.
Non-Reprogrammable Firmware
The Switch features custom firmware that is not reprogrammable,
preventing the ability to remotely attack the KVM control logic.
K202B/D Secure KVM Switch User Manual
EDID Emulation and Firewall
HSL Secure KVM Switch blocks the computer access to the shared
display by using isolated EDID emulators. This arrangement together
with the internal EDID firewall protects from KVM attacks targeting
the external memory effect of the shared display.
USB Ports Protection
Console USB ports are protected from the use of storage and other
unsafe USB devices through strong filtering (independent of
computer protection means). Unqualified devices are rejected when
connected to the Switch. Only mouse and keyboard data are passed
through.
Heavy-duty Steel Enclosure
HSL Secure KVM Switches uses thick steel components to protect
the product from physical tampering and to minimize radiated
electromagnetic emissions that can be snooped or intercepted.
Active Always-On Anti-Tamper
Active chassis anti-tamper system prevents the KVM electronic
circuitry from being accessed and tampered with by permanently
disabling the product once tampering is detected.
Holographic Tamper-Evident Labels
Serially numbered holographic security tamper-evident label is
placed on the switch enclosure to provide a visual indication if the
switch has been opened or compromised.
3