Understanding Secure KVM Switches

Secure KVM switches can carry various types of certifications; most notably NIAP and TEMPEST. Both have a protection profile that forces the design by nature to be secure from unwanted attacks, or even snooping. In this article we will get into each one briefly, then discuss the benefits of using a Secure KVM switch and find out which one is right for your application.

What is the NIAP Protection Profile?

NIAP (The National Information Assurance Partnership) has a protection profile on Peripheral Switches where if a switch is tested and approved by NIAP under this protection profile, it means it has certain security features enabled. Some of these may include one-time programmable microchips, anti-tamper seals on the chassis, blocking of external disk drives/flash drives, power cycling at every KVM switch port, blocking of certain AUX channels, not allowing data to flow in both directions by use of data diodes, etc. However, this particular protection profile does not cover emissions.

Download our whitepaper The Impact and Importance of NIAP PP PSD 4.0

What is TEMPEST?

TEMPEST is a code word synonymous with the study of the unintentional electronic emissions of classified data from an equipment or system....in short, electronic espionage! Knowing the TEMPEST profile to build to the spec requires a lot of experience in the field as the spec is not available to the public. TEMPEST will allow the signal being sent from each computer to be shrunk down in size so that it is very hard to pick it up when it is being processed on the KVM switch. This will protect that signal from being emitted through the airwaves to another unsecure port on the KVM, or even worse, someone outside the room: electronic espionage! There are different TEMPEST standards – Level A, B, and C; Level A is the most strict and is used primarily when a threat from a foreign intelligence agency is considered "high." In order to be compliant, "TEMPEST" switches must be tested in a NATO approved facility. Once testing has passed, each unit will be individually certified and serialized. If the switch is not certified or individually serialized, it is not considered to be "TEMPEST compliant."

Watch our OnDemand Webinar How to Protect Assets and Information with TEMPEST-Certified Solutions

Secure Peripherals

In general, most Secure KVM Switches only allow connection to basic keyboards and mice. If you have a gaming keyboard with a built-in USB card reader, more than likely the Secure Switch will reject the keyboard. If the device draws too much power, it probably will not work on a Secure KVM switch. If the signal is too complicated or using faster speeds than 12 Mbps, more than likely the device will not work. On our CAC enabled KVM switches, you will need to look at each product on how they handle the card reader. Some Secure Switches require a separate external USB CAC Reader because the one in the keyboard may not work on certain models.

Need More Information?

Black Box offers several different Secure KVM Switches. Contact us today at 877-877-2269 or [email protected] to discuss what option is right for you.

Visit our website to see our Black Box Secure KVM offering.

About the Author

Garrett Swindell

Garrett Swindell

Product Engineer

Garrett Swindell has 20+ years’ experience programming, implementing server to client communications, and designing intricate control system. As a product engineer, his primary focus is developing connections between users and computers/servers though the use of hardware and software. Garrett assist local and international projects from start to finish with compliance regulations and performing product compliance testing with recognized test houses.

KVM Network Security Secure KVM
Subscribe Now