What is a Secure KVM Switch?
A Secure KVM Switch is a device that allows a user to control multiple computers from a single keyboard, video display, and mouse (KVM) while maintaining the highest levels of security to prevent data leakage between computers, even when they belong to different security classifications.
What does NIAP certification mean?
NIAP (National Information Assurance Partnership) certification means the device complies with strict government and military security standards. IPGARD Secure KVM Switches are NIAP-certified under Protection Profile (PP) PSD 3.0 and 4.0, ensuring they meet these rigorous security standards.
How do Secure KVMs prevent data leakage between computers?
Secure KVMs use unidirectional data diodes, isolated channels, and emulation technology to ensure that no data can flow from one computer to another. This includes isolating USB devices, audio, video, and user authentication devices to prevent unauthorized information transfer.
What types of connections do IPGARD KVMs support?
IPGARD Secure KVMs support multiple connection types, including DVI, HDMI, and DisplayPort for video, as well as USB for keyboards, mice, and authentication devices. Models are available with single-head, dual-head, and quad-head video output, depending on the number of monitors required.
What is the significance of the Common Access Card (CAC) port?
The CAC port allows for secure user authentication via a smart card or other secure token. The IPGARD Secure KVM filters and controls data flow to and from this port, ensuring that unauthorized devices cannot access the system.
How does IPGARD handle video display security?
IPGARD Secure KVMs prevent unauthorized video data flow by using unidirectional video data channels. They also employ Extended Display Identification Data (EDID) emulation to isolate the display from connected computers, ensuring no unauthorized communication can occur.
What are the different security features of IPGARD Secure KVMs?
- Data Diodes to enforce unidirectional data flow
- Self-Testing upon power-up to ensure device integrity
- Anti-Tampering mechanisms with visual and audible alarms
- Isolated channels for video, audio, and peripheral devices
- Authentication Device Isolation for secure login using CAC or biometric readers
What happens if a secure KVM is tampered with?
If tampering is detected, the KVM will enter a secure state, isolating all computers and peripherals to prevent any unauthorized data flow. Tamper-evident seals and internal sensors help detect physical tampering.
How does the IPGARD KVM enforce unidirectional audio flow?
Audio data flows only from the connected computer to the audio device (e.g., speakers or headphones). Microphone input is not allowed to ensure that no audio data can be transferred from the audio device back to the computer.
Can IPGARD Secure KVMs be used in environments requiring TEMPEST compliance?
IPGARD KVMs are designed to be highly secure but are not explicitly TEMPEST-compliant. However, they are designed to operate in secure environments with physical security measures that protect against electromagnetic data leakage.
What is the purpose of the ‘Self-Test’ feature?
The self-test feature verifies the integrity of the KVM upon power-up. If any critical failure is detected, the device disables itself and alerts the user with visible and audible warnings.
What peripheral devices are supported by IPGARD Secure KVMs?
Supported peripherals include wired USB keyboards and mice, monitors, analog speakers, and USB user authentication devices such as smart card readers and biometric readers. Wireless devices are not supported to maintain security integrity.
Can IPGARD Secure KVMs be used with multiple monitors?
Yes, depending on the model, IPGARD Secure KVMs support single-head, dual-head, or quad-head video outputs, allowing users to operate multiple monitors simultaneously.
What are the PP PSD 3.0 and PP PSD 4.0 certifications?
PP PSD 3.0 and 4.0 are versions of the Protection Profile for Peripheral Sharing Devices, which outline the security standards for devices like KVMs. Devices certified under PP PSD 4.0 meet newer and stricter security requirements than those under 3.0.
What remote controllers are available for IPGARD Secure KVMs?
IPGARD offers two secure remote controllers: the STC-100 and the RCS100. These controllers are designed to provide a secure method of switching between connected computers on IPGARD Secure KVMs without using hotkey functionality.
What is the STC-100 secure remote controller?
The RCS100 is another wired remote control option for IPGARD Secure KVMs. It features tactile buttons for secure channel switching and includes visual indicators for selected channels. Like the STC-100, it offers a secure way to manage connected systems without relying on hotkeys or software control.
What is the RCS100 secure remote controller?
The RCS100 is another wired remote control option for IPGARD Secure KVMs. It features tactile buttons for secure channel switching and includes visual indicators for selected channels. Like the STC-100, it offers a secure way to manage connected systems without relying on hotkeys or software control.
Can I use hotkeys to switch channels on IPGARD Secure KVMs?
No, IPGARD Secure KVMs do not support hotkey functionality for switching channels. This ensures enhanced security by preventing unintended or unauthorized switching. Users must switch channels via physical buttons on the KVM or by using a secure remote controller like the STC-100 or RCS100.
How do the remote controllers enhance security?
The remote controllers (STC-100 and RCS100) are physically connected to the KVM and do not rely on wireless signals, which can be vulnerable to interception or interference. The absence of hotkey switching also eliminates the risk of unauthorized switching commands being executed from a connected computer.
What is the difference between the STC-100 and the RCS100?
Both the STC-100 and the RCS100 provide secure wired remote control for IPGARD Secure KVMs, but they may differ in terms of design and button layout. Both are designed to offer secure, tactile control for switching channels without the need for hotkey functionality.
