5
®
2
3
4
1
PC 2
PC 3
PC 4
PC 1
SECT 2
Welcome
Introduction
The ServSwitch Secure USB range of products are highly robust KVMA switches
for critical applications. When information absolutely must not be leaked
between systems or networks, the ServSwitch Secure USB units combine the
necessary isolation with a desirable ease of use.
ServSwitch Secure USB units are available in two port and four port versions.
Both models combine a number of overlapping strategies that are designed and
proven to defeat potential points of infiltration or protect against user error.
Firstly, all channel switching is controlled only from the front panel buttons. No
keyboard or mouse switching commands are permitted and all operations are
continually monitored by a dedicated sub-system. Any deviation from a strictly
ordered sequence of events will result in an error condition, where all channels
are immediately isolated and the operator is informed via a front panel indicator.
Data Diodes, implemented within hardwired electronic circuitry, rather than
software, are liberally employed to ensure that critical data paths can flow only
in one direction. These data diodes ensure that a compromised peripheral, a
keyboard for instance, cannot read information back from a connected system in
order to transfer such details to another system. Whenever a channel is changed,
the connected keyboard and mouse are always powered down and re-initialized
to provide yet another level of protection against hidden peripheral malware.
In general, the role of software within the unit has been reduced to an absolute
minimum to avoid the possibility of subversive reprogramming. Additionally, all
flash memory has been banished from the design, to be replaced by one-time
programmable storage which cannot be altered.
The outer casing contains extensive shielding to considerably reduce electromagnetic
emissions. Additionally, the casing has been designed with as few apertures as
possible to reduce the possibility of external probing and several primary chassis
screws are concealed by tamper-evident seals to indicate any unauthorized
internal access. Shielding extends also to the internal circuitry with all channels
providing a minimum of 60dB crosstalk separation between computer input
signals and any signals from the other computers at frequencies up to 100MHz.
These are just a few of the many strategies and innovations that have been
combined to ensure separation between differing systems. Numerous other
defences lie in wait to defeat any potential threat.
Various strategies are employed to ensure complete
separation between the switched channels:
• One-way
Data Diodes
are used on
keyboard and mouse communication
channels so that data isolation does
not rely on software.
• The keyboard and mouse are powered
down and re-initialized during every
channel switch to ensure that they
cannot act as transport media for
malicious data between computers.
• Many aspects of operation are
internally monitored. For instance, if a
second channel attempts to open while
another is still active, all operation
will be instantly halted and an error
condition signalled to the user.
Hard wired
Data
Diodes
enforce a
one-way flow on
information.
Individually colored
indicators provide clear
visual feedback about the
currently selected channel.
Channel switching
is by physical
button press only,
no keyboard or
mouse codes are
permitted.
Common keyboard, mouse, video
monitor and speakers are able
to access multiple high security
computers/networks, safe in the
knowledge that data will not be
transferred from one to another,
either by user error or subversive
attack.
The switching section is hard
wired to allow only one channel
to be selected at any time. This
operation is also closely monitored
by separate checking circuitry.
