Welcome
Introduction
The AdderView Secure range of products are highly robust KVM switches for
critical applications. When information absolutely must not be leaked between
systems or networks, the AdderView Secure units combine the necessary
isolation with a desirable ease of use.
AdderView Secure units combine a number of overlapping strategies that are
designed and proven to defeat potential points of infiltration or protect against
user error.
Firstly, all channel switching is controlled only from the front panel buttons. No
keyboard or mouse switching commands are permitted.
Secondly, Data Diodes, implemented within hardwired electronic circuitry, rather
than software, are liberally employed to ensure that critical data paths can flow
only in one direction. These data diodes ensure that a compromised peripheral, a
keyboard for instance, cannot read information back from a connected system in
order to transfer such details to another system. Whenever a channel is changed,
the connected keyboard and mouse are always powered down and re-initialized
to provide yet another level of protection against hidden peripheral malware.
In general, the role of software within the unit has been reduced to an absolute
minimum to avoid the possibility of subversive reprogramming. Additionally, all
flash memory has been banished from all security critical areas of the design, to
be replaced by one-time programmable storage which cannot be altered.
The outer casing contains extensive shielding to considerably reduce electromagnetic
emissions. Additionally, the casing has been designed with as few apertures as
possible to reduce the possibility of external probing, and several primary chassis
screws are concealed by tamper-evident seals to indicate any unauthorized
internal access. Shielding also extends to the internal circuitry, with strong levels
of electrical crosstalk isolation between ports to protect against signals from one
computer becoming detectable on another.
AdderView Secure units are available in two port and four port sizes. Each size
can be ordered in standard and enhanced versions. The enhanced versions allow
you to attach a smart card reader that can be securely shared between the
connected systems. The enhanced versions also contain anti-subversion and
authentication features that guard against intrusion and allow you to prove
that the unit is genuine, respectively.
These are just a few of the many strategies and innovations that have been
combined to reinforce the separation between differing systems. Numerous
other defences lie in wait to defeat any potential threat.
Various strategies are employed to ensure complete separation between the
switched channels:
• One-way Data Diodes are used on keyboard and mouse communication
  channels so that data isolation does not rely on software.
• The keyboard and mouse are powered down and re-initialized during every
  channel switch to ensure that they cannot act as transport media for
  malicious data between computers.
• Careful shielding and separation strategies are used to ensure that data
  doesn’t crosstalk between channels or leak to the outside world via radiated
  or conducted mechanisms.
[Diagram labels: PC 1, PC 2, PC 3, PC 4. Callouts:]
• Hard wired one-way Data Diodes enforce a one-way flow of information.
• Individually colored indicators provide clear visual feedback about the
  currently selected channel.
• Channel switching is by physical button press only; no keyboard or mouse
  codes are permitted.
• The switching section is hard wired to allow only one channel to be
  selected at any time.
Common keyboard, mouse and video monitor are able to access multiple
high security computers/networks, safe in the knowledge that data
will not be transferred from one to another, either by user error or
subversive attack.