Video display (EDID) information
The Display Data Channel (or DDC) communication scheme was introduced to
allow video displays to provide details (using the information format of EDID
- Extended Display Identification Data) about themselves and their capabilities
to the computer’s graphic adapter circuitry. In most applications this is a useful
and positive feature. However, in a highly secure environment this presents two
potential problems:
• Most video displays provide manufacturer, model and serial number
information as part of their EDID transfer. This unique information could
possibly be used as a marker by anyone attempting to compromise security
within one or more of the connected computers/networks.
• The operation of the DDC scheme could theoretically provide a means to
transfer a small packet of EDID information to the computers at each power
on cycle of the AdderView Secure.
If your organisation wishes to protect against such scenarios then it is
recommended that the DDC lines are disconnected in the cable between the
AdderView Secure and the monitor. Alternatively, Adder would be happy
to discuss configuring the AdderView Secure with a DDC policy to suit your
organisation.
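To audit which identifying fields a connected computer would actually receive, the following added example (not taken from the Adder manual) parses a 128-byte EDID base block and reports the manufacturer ID, product code and serial number. The field offsets follow the standard EDID 1.x base block layout; the function names, the sample block and its vendor code "TST" are constructed for illustration.

```python
import struct

HEADER = bytes.fromhex("00ffffffffffff00")
TEXT_TAGS = {0xFF: "serial_text", 0xFC: "model_name"}

def edid_identity(block: bytes) -> dict:
    """Return the identifying fields of a 128-byte EDID base block."""
    if len(block) < 128 or block[:8] != HEADER:
        raise ValueError("not an EDID base block")
    if sum(block[:128]) % 256 != 0:
        raise ValueError("EDID checksum mismatch")
    # Bytes 8-9: manufacturer ID, three 5-bit letters ('A' = 1), big-endian.
    m = struct.unpack(">H", block[8:10])[0]
    vendor = "".join(chr(64 + ((m >> s) & 0x1F)) for s in (10, 5, 0))
    # Bytes 10-11: product code; bytes 12-15: serial number (little-endian).
    product, serial = struct.unpack("<HI", block[10:16])
    ident = {"vendor": vendor, "product": product, "serial": serial}
    # Four 18-byte descriptors start at offset 54. A display descriptor is
    # 00 00 00 <tag> 00 followed by 13 bytes of newline-terminated text.
    for off in range(54, 126, 18):
        d = block[off:off + 18]
        if d[:3] == b"\x00\x00\x00" and d[3] in TEXT_TAGS:
            text = d[5:].split(b"\n")[0].decode("ascii", "replace").strip()
            ident[TEXT_TAGS[d[3]]] = text
    return ident

def has_unit_marker(ident: dict) -> bool:
    """True if the block carries a per-unit serial (zero is treated as unset)."""
    return ident["serial"] != 0 or bool(ident.get("serial_text"))

def make_sample(serial: int = 987654, serial_text: bytes = b"SN-CONSTRUCT") -> bytes:
    """Build a constructed EDID block (vendor 'TST' is not a real monitor)."""
    b = bytearray(128)
    b[:8] = HEADER
    b[8:10] = struct.pack(">H", (20 << 10) | (19 << 5) | 20)  # "TST"
    b[10:16] = struct.pack("<HI", 0x1234, serial)
    b[18:20] = b"\x01\x03"  # EDID version 1.3
    if serial_text:
        b[54:72] = b"\x00\x00\x00\xff\x00" + (serial_text + b"\n").ljust(13, b" ")
    b[72:90] = b"\x00\x00\x00\xfc\x00" + b"Sample LCD\n".ljust(13, b" ")
    b[127] = -sum(b) % 256  # checksum: all 128 bytes sum to 0 mod 256
    return bytes(b)

if __name__ == "__main__":
    # On Linux the block a host received can be read from
    # /sys/class/drm/<connector>/edid instead of make_sample().
    ident = edid_identity(make_sample())
    print(ident, "unique marker:", has_unit_marker(ident))
```

Running the same check on each connected computer before and after a monitor change shows whether the EDID held in the port memories still identifies a specific display unit.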
AdderView Secure EDID policy
The AdderView Secure maintains individual EDID memories for each connected
computer port. During manufacture, these memories are each loaded with a
default EDID packet.
When the AdderView Secure is powered on, its response will be determined by
the condition of the DDC signalling pins of the video monitor connector:
• If the DDC pins are connected as standard: The AdderView Secure reads
the EDID information from the attached video monitor and loads a copy
into each port memory, which can then be made available to the connected
computers.
• If no video monitor is connected or the monitor’s DDC signalling pins
are disconnected: The AdderView Secure will maintain the existing data
held in the EDID memories and make them available to the computers.
• If the video monitor’s DDC signalling pins have been connected to
ground: The AdderView Secure will load a set of default data to the EDID
memories and no data will be made available to the computers. This provides
a means of clearing information about previously attached monitors.
Note: Most analog video cards will output a video signal without EDID
information. In such installations it may be acceptable to disconnect the DDC
connections from the AdderView Secure so that no EDID information is made
available to the computers. However, some graphics cards will not output a
video signal unless they can read the EDID information.
To determine how EDID information is used
Note: The information given here is provided purely as an overview. It is beyond
the scope of this document to provide detailed instructions on how to modify
video display cables, which should only be attempted by a qualified engineer.
If the transfer of EDID information is unsuitable for your installation, you can
take steps to bypass or disable its use. EDID information is sent from the video
display on the following pins of the connector:
• VGA (15-pin D-type) connector: pins 12 and 15
As mentioned earlier, the AdderView Secure unit responds in different ways,
depending upon how the DDC data lines within the video display cable have
been wired:
DDC pin conditions    AdderView Secure unit response
Connected             EDID information is harvested from the connected
                      video display during unit power on and written to all
                      computer port memories.
Not connected         Unit retains the EDID information that is already held
                      in the port memories and continues to present them to
                      the attached computers. No new EDID information can
                      be sought from the currently connected video display.
Grounded              Unit overwrites all EDID information held in memory
                      with default information but does not present anything
                      to the attached computers.
In situations where no EDID information is being supplied, it may be necessary to
use a special driver on the connected computers to inform their graphic adapters
of the appropriate signals to send.
Alternatively, a ‘surrogate’ video display of the appropriate type could be
temporarily connected to the AdderView Secure unit in order to harvest the
necessary EDID information. The surrogate video display could then be replaced
by the real one, which has its DDC pins disconnected (not grounded).