Understanding Secure KVM Switches

Apr 21, 2021 | Garrett Swindell

Secure KVM switches can carry various types of certification, most notably NIAP and TEMPEST. Both have a protection profile that forces the design to be secure against unwanted attacks and even snooping. In this article we will look at each one briefly, then discuss the benefits of using a Secure KVM switch and how to find out which one is right for your application.

NIAP (the National Information Assurance Partnership) has a protection profile for Peripheral Switches. If a switch is tested and approved by NIAP under this protection profile, it has certain security features enabled. These may include one-time programmable microchips, anti-tamper seals on the chassis, blocking of external disk drives and flash drives, power cycling at every KVM switch port, blocking of certain AUX channels, and data diodes that prevent data from flowing in both directions. However, this particular protection profile does not cover emissions.

TEMPEST is a code word synonymous with the study of the unintentional electronic emissions of classified data from equipment or a system... in short, electronic espionage! Building to the TEMPEST profile requires a lot of experience in the field, as the spec is not available to the public. TEMPEST allows the signal sent from each computer to be shrunk down in size so that it is very hard to pick up while it is being processed on the KVM switch. This protects the signal from being emitted through the airwaves to another unsecured port on the KVM or, even worse, to someone outside the room. Electronic espionage! There are different TEMPEST standards (Level A, B, and C), with Level A being the strictest and used primarily when a threat from a foreign intelligence agency is considered “high.” In order to be compliant, “TEMPEST” switches must be tested in a NATO-approved facility. Once testing has passed, each unit is individually certified and serialized. If a switch is not certified or individually serialized, it is not considered to be “TEMPEST compliant.”

In general, most Secure KVM switches only allow connection to basic keyboards and mice. If you have a gaming keyboard with a built-in USB card reader, the Secure Switch will more than likely reject the keyboard. If a device draws too much power, it probably will not work on a Secure KVM switch. If the signal is too complicated or uses speeds faster than 12 Mbps, the device will more than likely not work. For our CAC-enabled KVM switches, you will need to check how each product handles the card reader. Some Secure Switches require a separate external USB CAC reader because the one in the keyboard may not work on certain models.
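As an added illustration (not Black Box firmware and not taken from the NIAP profile), the Python below applies the compatibility rules from the paragraph above to a raw USB configuration descriptor and fails closed on malformed input. The 100 mA power budget, the allow-list of HID boot keyboard/mouse interfaces, and both sample descriptors are assumptions constructed for this example.

```python
"""Peripheral admission check modelled on the article's rules (added example)."""

HID = 0x03
BASIC = {(HID, 1): "keyboard", (HID, 2): "mouse"}  # (bInterfaceClass, bInterfaceProtocol)
MAX_SPEED_MBPS = 12   # limit stated in the article
MAX_POWER_MA = 100    # ASSUMED budget for illustration; the article gives no figure

def parse_config(blob):
    """Walk a configuration descriptor; return (max_power_mA, [(class, subclass, protocol)])."""
    power, interfaces, i = None, [], 0
    while i < len(blob):
        length = blob[i]
        if length < 2 or i + length > len(blob):
            raise ValueError(f"malformed descriptor at offset {i}")
        dtype = blob[i + 1]
        if dtype == 0x02 and length >= 9:      # CONFIGURATION descriptor
            power = blob[i + 8] * 2            # bMaxPower is expressed in 2 mA units
        elif dtype == 0x04 and length >= 9:    # INTERFACE descriptor
            interfaces.append(tuple(blob[i + 5:i + 8]))
        i += length
    if power is None or not interfaces:
        raise ValueError("missing configuration or interface descriptor")
    return power, interfaces

def reject_reasons(blob, speed_mbps):
    """Return the reasons a device would be refused; an empty list means accepted."""
    try:
        power, interfaces = parse_config(blob)
    except ValueError as exc:
        return [f"fail closed: {exc}"]
    reasons = []
    if speed_mbps > MAX_SPEED_MBPS:
        reasons.append(f"{speed_mbps} Mbps exceeds {MAX_SPEED_MBPS} Mbps")
    if power > MAX_POWER_MA:
        reasons.append(f"{power} mA exceeds assumed {MAX_POWER_MA} mA budget")
    for cls, _sub, proto in interfaces:
        if (cls, proto) not in BASIC:
            reasons.append(f"interface class 0x{cls:02x} is not a basic keyboard/mouse")
    return reasons

# Constructed sample: plain HID boot keyboard (config, interface, HID, endpoint).
KB_IF = "090400000103010100" "092111010001224100" "0705810308000a"
KEYBOARD = bytes.fromhex("09022200010100a032" + KB_IF)
# Constructed sample: keyboard plus a mass-storage card reader interface, 500 mA.
COMBO = bytes.fromhex("09023900020100a0fa" + KB_IF +
                      "090401000208065000" "07050202000200" "07058302000200")

if __name__ == "__main__":
    for name, blob, speed in (("keyboard", KEYBOARD, 12), ("combo", COMBO, 480)):
        print(name, reject_reasons(blob, speed) or "accepted")
```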

Black Box offers several different Secure KVM Switches. Contact us today to discuss what option is right for you.


About the Author

Garrett Swindell

Product Engineer

Garrett Swindell has 20+ years’ experience programming, implementing server-to-client communications, and designing intricate control systems. As a product engineer, his primary focus is developing connections between users and computers/servers through the use of hardware and software. Garrett assists local and international projects from start to finish with compliance regulations and performs product compliance testing with recognized test houses.