8
8 and 16-PORT SECURE KVM USER MANUAL
Section 4 - Operation
Main Features
Product is designed, manufactured and delivered in security-
controlled environments. Below is a summary of the main advanced
features incorporated in product:
Advanced isolation between computers and shared peripherals
The emulations of keyboard, mouse and display EDID, prevent direct
contact between computers and shared peripherals. Product design
achieves maximal security by keeping the video path separate with
keyboard and mouse switched together, purging keyboard buffer
when switching channels. All these features contribute to strong
isolation between computer interfaces, maintained even when
product is powered off.
Unidirectional data flow: USB, audio and video
Unique hardware architecture components prevent unauthorized
data flow, including:
Optical unidirectional data flow diodes in the USB data path
that filtrate and reject unqualified USB devices;
Secure analog audio diodes that prevent audio
eavesdropping with no support for microphone or any other
audio-input device;
Video path is kept separate from all other traffic, enforcing
unidirectional native video flow. EDID emulation is done at
power up and blocks all EDID/MCCS writes. For DisplayPort
video, filtration of AUX channel exists to reject unauthorized
transactions.
Isolation of power domains
Complete isolation of power domains prevents signaling attacks.
Secure administrator access & log functions
Product incorporates secure administrator access and log functions
to provide auditable trail for all product security events, including
battery backup life for anti-tampering and log functions. Non-
reprogrammable firmware prevents the ability to tamper with
product logic.
Always-on, active anti-tamper system
Active anti-tampering system prevents malicious insertion of
hardware implant such as wireless key-logger inside product
enclosure. Any anti-tampering attempt causes isolation of all
computers and peripheral devices rendering product inoperable and
showing clear indications of tampering event to user.
Holographic security tamper-evident labels are placed on the
enclosure to provide a clear visual indication if product has been
opened or compromised.
Metal enclosure is designed to resist mechanical tampering with all
microcontrollers protected against firmware-read, modification and
rewrite.