Black Box ServSwitch Secure and Secure PLUS, SW4007A-USB-PLUS manual: Welcome, Introduction

Welcome

Introduction

The Black Box ServSwitch Secure range consists of highly robust KVMA switches for critical applications. When information absolutely must not be leaked between systems or networks, the Secure and Secure PLUS units combine the necessary isolation with a desirable ease of use.

ServSwitch Secure units are available in two-port and four-port versions, while the ServSwitch Secure PLUS provides four ports with the addition of a smart card reader for user authentication purposes.

The ServSwitch Secure units combine a number of overlapping strategies that are designed and proven to defeat potential points of infiltration or protect against user error.

Firstly, all channel switching is controlled only from the front panel buttons. No keyboard or mouse switching commands are permitted and all operations are continually monitored by a dedicated sub-system. Any deviation from a strictly ordered sequence of events will result in an error condition, where all channels are immediately isolated and the operator is informed via a front panel indicator.

Data Diodes, implemented within hardwired electronic circuitry, rather than software, are liberally employed to ensure that critical data paths can flow only in one direction. These data diodes ensure that a compromised peripheral, a keyboard for instance, cannot read information back from a connected system in order to transfer such details to another system. Whenever a channel is changed, the connected keyboard and mouse are always powered down and re-initialised to provide yet another level of protection against hidden peripheral malware.

In general, the role of software within the unit has been reduced to an absolute minimum to avoid the possibility of subversive reprogramming. Additionally, all flash memory has been banished from the design, to be replaced by one-time programmable storage which cannot be altered.

The outer casing contains extensive shielding to considerably reduce electromagnetic emissions. Additionally, the casing has been designed with as few apertures as possible to reduce the possibility of external probing, and several primary chassis screws are concealed by tamperproof seals to indicate any unauthorized internal access. Shielding also extends to the internal circuitry, with all channels providing a minimum of 60 dB crosstalk separation between computer input signals and any signals from the other computers at frequencies up to 100 MHz.

These are just a few of the many strategies and innovations that have been combined to ensure separation between differing systems. Numerous other defences lie in wait to defeat any potential threat.

Various strategies are employed to ensure complete separation between the switched channels:

Data Diodes are used on all communication lines so that information cannot be made to flow the ‘wrong way’ by any compromised peripheral.

The keyboard and mouse are powered down and re-initialised during every channel switch to ensure that they cannot act as transport media for malicious data between computers.

Many aspects of operation are internally monitored. For instance, if a second channel attempts to open while another is still active, all operation will be instantly halted and an error condition signalled to the user.

Individually colored indicators provide clear visual feedback about the currently selected channel.

Channel switching is by physical button press only; no keyboard or mouse codes are permitted.

Common keyboard, mouse, video monitor and speakers are able to access multiple high security computers/networks, safe in the knowledge that data will not be transferred from one to another, either by user error or subversive attack.

The switching section is hard wired to allow only one channel to be selected at any time. This operation is also closely monitored by separate checking circuitry.

Hard wired Data Diodes enforce a one-way flow of information.
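
A behavioural model of the switching monitor described above, added here as an example and not taken from the manual or from Black Box. The manual does not list the ordered sequence, so the step names, their order and the `SwitchMonitor` class are assumptions; the traces are constructed.

```python
# Behavioural model only: step names and their order are assumptions,
# not taken from the ServSwitch Secure design.
ORDER = ("button", "close", "periph_off", "periph_init", "open")

class SwitchMonitor:
    def __init__(self, channels=4, selected=1):
        self.channels = channels
        self.open = {selected}   # channel enables currently asserted
        self.error = False       # latched front-panel error indicator
        self._next = 0           # index into ORDER of the expected step
        self._target = None      # channel requested by the button press

    def _fault(self):
        self.open.clear()        # isolate every channel at once
        self.error = True
        return False

    def event(self, step, channel=None):
        """Feed one observed step; returns False once the error is latched."""
        if self.error:
            return False
        if step != ORDER[self._next]:          # out-of-order step
            return self._fault()
        if step == "button":
            if channel not in range(1, self.channels + 1):
                return self._fault()
            self._target = channel
        elif step == "close":
            self.open.clear()
        elif step == "open":
            # Independent one-at-a-time check, on top of the ordering check.
            if channel != self._target or self.open:
                return self._fault()
            self.open.add(channel)
        self._next = (self._next + 1) % len(ORDER)
        return True

def run(trace, **kw):
    """Replay a trace of (step, channel) tuples and return the monitor."""
    mon = SwitchMonitor(**kw)
    for step, channel in trace:
        mon.event(step, channel)
    return mon

# Constructed traces: a clean switch from channel 1 to 3, a second channel
# opening while channel 1 is still active, and a skipped peripheral reset.
GOOD = [("button", 3), ("close", 1), ("periph_off", None),
        ("periph_init", None), ("open", 3)]
OVERLAP = [("button", 3), ("open", 3)]
NO_RESET = [("button", 2), ("close", 1), ("open", 2)]
```
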
