This KVM will die before giving up your secrets

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By John Breeden II
 

Connecting state and local government leaders

By John Breeden II

|

The Tripp Lite B002-DUA4 is a highly secure keyboard, video, mouse switch that will fit in with any security plan.

Performance: AFeatures: AEase of Use: AValue: B-Price: $1,150Pros: Keeps connected computers from communicating; most hacking attempts result in death of unit.Cons: A bit pricey for a four-port switch.: The B002-DUA 4-port KVM Switch with NIAP-certified EAL2+ Security from Tripp Lite can be an answer to those problems. The B002 is designed to be a security fortress from the ground up.In terms of its base engineering, it’s a four-port switch that uses DVI as the display method and USB to connect the peripherals. There are also audio in and out cables so computers with sound can share the same set of speakers. Unlike most KVM switches, there is no keyboard shortcut to move between inputs. Each channel is separate, so it’s almost like having four individual KVMs that happen to be sitting inside the same box. The only way to actually switch the view from one channel to another is with the hardware buttons on the front panel.The keyboard buffer is cleared automatically every time the channel changes. So if someone is typing on the secure channel and switches over to a nonsecure system, no data makes the jump. Anything stuck in the buffer is wiped out. This also helps prevent accidents because a user typing at his or her keyboard can’t accidentally switch channels and not realize it. You have to actually touch the KVM to do it.One early method of hacking via KVM was to simply attach a USB drive to its ports and steal information right through the KVM itself. This has been eliminated with the B002 because it refuses to recognize anything other than human interface devices. We tested this with a unique mouse that also has a USB port. When connected to the B002, the KVM recognized the mouse and let us use it as a pointer, but the USB port didn’t function. So you can’t bypass internal security settings for USB drives by connecting through the switch.For our testing, we set up three different networks with varying security levels and connected them via the B002-DUA4. We left the fourth input slot empty to try and hack. We tried a bunch of different methods from a keyboard overflow to the aforementioned USB-equipped mouse to using a keyboard logger virus on the unsecured computer to try and sniff what was happening over on the secure one. Nothing worked. It’s safe to say that the B002 will prevent any accidental exchange of data, and it is quite a firewall against someone trying to get at your data on purpose.Turning from the mundane to more James Bond-like methods, we decided to try and crack open the KVM itself. Our plan was to open it up, connect the channels and install a recording device thumb drive on the empty one, which would log what was happening on the other three. We actually accomplished this very feat years ago on an unsecured KVM, so it’s entirely possible.However, with the B002, someone attempting such a thing will run into problems. First, there are tamper-evident stickers against all the seams. While it might be possible to slowly peel them off or use some type of solvent, when we tried, our tampering was pretty obvious to anyone who looked even after the stickers were replaced. Secondly, the device itself has a tamper sensor. If the device is opened, it will stop working. Not only that, all its LEDs blink like mad to indicate the intrusion. Finally, once we did get inside, we found that each of the channels and all internal circuitry are soldered directly to the motherboard. Without any wires, this makes hardware hacking almost impossible. Melting the connections would likely damage the device beyond repair. That is more than enough incentive to make most people leave the KVM alone.Finally, the firmware on the unit is not programmable, which eliminated the last method we could realistically try to make the unit less secure. While this means the B002 can never be flash upgraded, we doubt the KVM would ever need it. At its core, a KVM switch is kind of a basic component, so we don’t think it would ever need to be upgraded to accommodate some new feature.In terms of cost, the B002 is $1,150. We understand that you have to pay for security but still would balk just a bit at paying more than $1,000 for a four-port KVM. We suppose if you absolutely have to have every component in your network be completely secure, then the B002 isn’t a bad deal, even though you can purchase 10 nonsecure KVMs for the same price.After our tampering attempts, our B002-DUA4 is basically a pile of slag. However, we were not able to get any data from any of our test networks using it. And in the end, your classified government data is the most valuable thing in your office. If you have to lose a KVM to protect it, then that’s a lot better than losing your secrets. For that reason, we highly recommend the B002-DUA4 in places where security is the primary concern. It will take one for your team if needed.

KVM for keyboard, video, mouse switches have become almost as common in offices as computer monitors. The devices allow a user to control multiple computers from a single keyboard, video monitor and mouse. You almost never see anyone with multiple monitors on their desk when a single display and set of input devices can be attached to many different systems. Because a human can’t really work on more than one system at the same time, having a KVM switch makes loads of sense.

This wasn’t always the case. When we first started reviewing KVM switches, the attitude of many people seemed to be, “You can take my multiple monitors only out of my cold, dead hands.” But once people got used to them, the benefits far outweighed any nostalgia for a "Matrix"-like office with curtains of monitors. KVM switches free up an incredible amount of space and conserve energy because you have fewer displays sitting around sucking in power and pumping out heat.

But it’s not all cake and ice cream in the world of KVMs. In certain environments they can be a bit of a negative, or even a risk. If you have multiple computers with different security classifications, networking them together by any means is generally frowned upon. Also, they offer a tempting target for hackers as they are generally not secured and sometimes overlooked in the context of an overall security plan.


Tripp Lite B002-DUA 4-port KVM Switch









Related coverage

Plug and play graphics to rule one day

Switch keeps all classroom computers on the same page






Secure switching











The price of security







Tripp Lite, www.tripplite.com

NEXT STORY: Feds try to buy more time for DNSChanger cleanup

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.