Welcome
Introduction
The Black Box ServSwitch Secure range of products are highly robust KVMA switches for critical applications. When information absolutely must not be leaked between systems or networks, the Secure and Secure PLUS units combine the necessary isolation with a desirable ease of use.
ServSwitch Secure units are available in two port and four port versions while the ServSwitch Secure PLUS provides four ports with the addition of a smart card reader for user authentication purposes.
The ServSwitch Secure units combine a number of overlapping strategies that are designed and proven to defeat potential points of infiltration or protect against user error.
Firstly, all channel switching is controlled only from the front panel buttons. No keyboard or mouse switching commands are permitted and all operations are continually monitored by a dedicated
Data Diodes, implemented within hardwired electronic circuitry, rather than software, are liberally employed to ensure that critical data paths can flow only in one direction. These data diodes ensure that a compromised peripheral, a keyboard for instance, cannot read information back from a connected system in order to transfer such details to another system. Whenever a channel is changed, the connected keyboard and mouse are always powered down and
In general, the role of software within the unit has been reduced to an absolute minimum to avoid the possibility of subversive reprogramming. Additionally, all flash memory has been banished from the design, to be replaced by one time programmable storage which cannot be altered.
The outer casing contains extensive shielding to considerably reduce electromagnetic emissions. Additionally, the casing has been designed with as few apertures as possible to reduce the possibility of external probing and several primary chassis screws are concealed by tamperproof seals to indicate any unauthorized internal access. Shielding extends also to the internal circuitry with all channels providing a minimum of 60dB crosstalk separation between computer input signals and any signals from the other computers at frequencies up to 100MHz.
These are just a few of the many strategies and innovations that have been combined to ensure separation between differing systems. Numerous other defences lie in wait to defeat any potential threat.
Various strategies are employed to ensure complete separation between the switched channels:
•Data Diodes are used on all communication lines so that information cannot be made to flow the ‘wrong way’ by any compromised peripheral.
•The keyboard and mouse are powered down and
•Many aspects of operation are internally monitored. For instance, if a second channel attempts to open while another is still active, all operation will be instantly halted and an error condition signalled to the user.
1 | 2 | 3 |
PC 1 | PC 2 |
Individually colored indicators provide clear visual feedback about the currently selected channel
Channel switching is by physical button press only, no keyboard or mouse codes are permitted
Common keyboard, mouse, video monitor and speakers are able to access multiple high security computers/networks, safe in the knowledge that data will not be transferred from one to another, either by user error or subversive attack.
The switching section is hard wired to allow only one channel to be selected at any time. This operation is also closely monitored by separate checking circuitry.
4
PC 3 | PC 4 |
Hard wired Data Diodes enforce a
®