Black Box SW4007A-USB-PLUS, SW2007A-USB manual Darted around the screen randomly clicking

Page 17

Threat

Solution

 

 

Data being sent to ports

Channel switching is controlled by the front

by means of faulty or

panel buttons only with all keyboard hotkey

subverted keyboards or

or mouse switching capabilities removed

mice causing the channel

from the design.

to switch and sending

 

data in turn to each port.

 

 

 

Data transfer by means of

USB ports support keyboard and mouse

common storage.

(and card reader for SW4007-PLUS-USB)

 

connections only. The product does

 

not enable a USB memory stick or disk

 

drive to be shared between computers.

 

Unidirectional signalling protects against

 

data transfer across the switch.

 

 

Timing analysis attacks.

If a connection exists between a computer

 

and a shared microprocessor system, it

 

is potentially possible to determine what

 

may be happening on the micro by timing

 

the responses to repeated requests that

 

the micro must service. For example, if

 

a high data bit takes longer to transmit

 

through the system than a low bit it may

 

be possible to detect the pattern of data

 

flowing between other ports by attempting

 

to time the responses to otherwise normal

 

requests. In the ServSwitch Secure, each

 

port has a dedicated processor that only

 

has input signals from the rest of the

 

system. These input signals are only active

 

when the port is selected. Consequently a

 

timing analysis attack from one computer

 

would yield no information about data

 

flowing to another computer.

 

 

Threat

Solution

 

 

Forced malfunctions due

It is potentially possible to create forced

to overloaded signaling.

malfunctions by constantly and quickly

 

sending a stream of valid requests (such as

 

the request to update the keyboard lights).

 

A well known example of an undesirable

 

KVM malfunction is a “crazy mouse”

 

which was quite common with early KVM

 

switches and was caused by data loss on

 

PS/2 systems with the result that the mouse

 

darted around the screen randomly clicking

 

and opening windows. The unidirectional

 

design of the Secure Switch ensures that

 

the influence of signalling on one port

 

cannot flow past the data diodes. This

 

means that overload signalling on one port

 

will not affect the operation of another

 

port. USB signalling is not susceptible to the

 

failure mechanism that caused the crazy

 

mouse on PS/2 systems.

 

 

The user selects the wrong

Only one simple method of selecting

port.

computers is provided. The selected port

 

is clearly and unambiguously indicated on

 

the front panel by means of colored lights

 

adjacent to each key switch. For high levels

 

of security, the screens of high and low

 

security computers should be arranged to

 

look visibly different in general appearance.

 

 

Signalling by means of

Each port is independently powered by its

shorting the power supply

USB port. Shorting the power supply on

or loading the power

one port will not cause the power on other

supply.

ports to be switched off.

 

 

Tampering with the

The switch is designed to enable tamper

switch.

proof seals to be fitted over the counter-

 

sunk screws.

 

 

®

    

16

Image 17
Contents ServSwitch Secure and Secure Plus Contents Introduction WelcomeSecure Plus ServSwitch Secure and Secure Plus features    Standard items Additional itemsLocations InstallationLinks overview Cabling recommendationsMounting To connect a keyboard and mouse link Making connectionsConnections to computer systems To connect an analog video input Connecting video inputsTo connect speakers Connections to user console peripheralsTo connect a keyboard and mouse Digital video display output Video display DDC information ServSwitch Secure DDC policyTo connect the power supply Connection to power supplyOperation Error indicatorSelecting computers Tamper-evident sealsUsing the smart card reader Custom configuration serviceSmart card reader Smart Card SecurityFurther information TroubleshootingSummary of threats and solutions Darted around the screen randomly clicking UK +44 0118 965 Getting assistanceCertification notice for equipment used in Canada Safety informationEuropean EMC directive 89/336/EEC Radio Frequency EnergyFCC Compliance Statement United States Canadian Department of Communications RFI statementInstrucciones de seguridad Normas Oficiales Mexicanas NOM electrical safety statement     Country Web Site/Email Phone Fax BlackBox subsidiary contact details