Video display (DDC) information
The Display Data Channel (or DDC) scheme was introduced to allow analog and digital video displays to provide details about themselves and their capabilities to the computer’s graphic adapter circuitry. In most applications this is a useful and positive feature. However, in a highly secure environment this presents two potential problems:
•Most video displays provide manufacturer, model and serial number information as part of their DDC data. This unique information could possibly be used as a marker by anyone attempting to compromise security within one or more of the connected computers/networks.
•The operation of the DDC scheme could theoretically provide a means to transfer a small 128 byte packet of data to the computers at each power on cycle of the ServSwitch.
If your organisation wishes to protect against such scenarios then it is recommended that the DDC lines are disconnected in the cable between the ServSwitch and the monitor. Alternatively, Black Box would be happy to discuss configuring the ServSwitch with a DDC policy to suit your organisation.
ServSwitch Secure DDC policy
The ServSwitch Secure maintains individual DDC memories for each connected computer port. During manufacture, these DDC memories are each loaded with a set of default DDC data.
When the ServSwitch is powered on, its response will be determined by the condition of the DDC signalling pins of the video monitor connector:
•If the DDC pins are connected as standard: the ServSwitch Secure reads the DDC data from the attached video monitor and loads a copy into each port memory, which can then be made available to the connected computers.
•If no video monitor is connected or the monitor’s DDC signalling pins are disconnected: The ServSwitch Secure will maintain the default data held in the DDC memories and make them available to the computers.
•If the video monitor’s DDC signalling pins have been connected to ground: The ServSwitch Secure will load a set of default data to the DDC memories and no DDC data will be made available to the computers. This provides a means of clearing DDC information about previously attached monitors.
Note: Most analog video cards will output a video signal without DDC information. In such installations it may be acceptable to disconnect the DDC connections from the ServSwitch Secure so that no DDC information is made available to the computers. However, most DVI graphics cards will not output a video signal unless they can read the DDC information.
To determine how DDC data is used
Note: The information given here is provided purely as an overview. It is beyond the scope of this document to provide detailed instructions on how to modify video display cables, which should only be attempted by a qualified engineer.
If the transfer of DDC information is unsuitable for your installation, you can take steps to bypass or disable its use. DDC data is sent from the video display on the following pins of their connectors:
• | Analog VGA | pins 12 and 15 |
• | Digital DVI connector: | pins 6 and 7 |
As mentioned earlier, the ServSwitch Secure unit responds in the different ways, depending upon how the DDC data lines within the video display cable have been wired:
DDC pin conditions | ServSwitch Secure unit response |
|
|
Connected | DDC data is harvested from the connected video |
| display during unit power on and written to all |
| computer port memories. |
Not connected | Unit retains the DDC data that is already held in the |
| port memories and continues to present them to the |
| attached computers. No new DDC data can be sought |
| from the currently connected video display. |
Grounded | Unit wipes all DDC data held in memory and presents |
| no information to the attached computers. |
|
|
In situations where no DDC information is being supplied, it may be necessary to use a special driver on the connected computers to inform their graphic adapters on the appropriate signals to send.
Alternatively, a ‘surrogate’ video display of the appropriate type could be temporarily connected to the ServSwitch Secure unit in order to harvest the necessary DDC information. The surrogate video display could then be replaced by the real one, which has its DDC pin disconnected (not grounded).
®
11