Security threats come as often from within a company's walls as from without, and physical safeguards can be as important as passwords. Claiming an industry-first, Belkin has unveiled a series of secure KVM switches that connect using DisplayPort, a more capable alternative to DVI and HDMI. This gives defense firms, government agencies, financial institutions and other security-minded organizations the option of adopting the fast-growing, high-resolution protocol that's found on more and more PCs and laptops. The current DisplayPort spec can drive a monitor with 30-bit color at up to 3,840-x-2,160 pixels while also carrying a 17-Gbps data link.
KVM switches permit multiple computers to share a single monitor, keyboard and mouse to facilitate quick switching between nodes and/or networks with minimal clutter. In secure settings, a KVM switch can add one or more extra layers of security by limiting access to connected nodes either physically or with card-based authentication, and by preventing nodes to communicate with each other using electronics within the switch itself.
Belkin offers four secure DisplayPort KVM switches, including dual-head and quad-head models for as many as four DisplayPort nodes. For testing, the company sent the entry-level F1DN102P, a single-headed, two-port device with an audio and a CAC port, to which can be connected an optional secure ID-card reader. There's also a port for connecting Secure Desktop Controller Unit, which simplifies browsing through large numbers of connected nodes.
Security starts with the packaging, which is tamper-evident and about as easy to open as a FedEx box with a broken ripcord. There's no way to pry the cardboard away from the glue without tearing or slicing it. Printing on the inner cardboard identifies node labels and color tabs, and illustrates how to use them. The unit itself is affixed with a tamper-evident label and will not operate if opened. Redundant circuitry inside the unit prevents signaling attacks and data leakage across channels.
It took just a few minutes to make the connections necessary for a head end and two nodes. Connecting the 102P on the head end involved DisplayPort, speakers and keyboard/mouse connections. The unit offers dedicated PS/2 ports using legacy peripherals (on the head end only) plus unidirectional USB ports designated for mouse and keyboard. Belkin's secure KVMs will shut down the USB ports if a device other than the designated type (such as a USB thumb drive) is plugged in. They resume normal operation when the correct peripheral is reconnected. On the node side, a DisplayPort, USB host and audio (if desired) are the only required connections. There's also a 12- volt power supply with AC cable.
The secure ID of choice for Central Intelligence, the Department of Defense and other government agencies is the CAC, or Common Access Card. If CAC is to be used, a single reader can service all connected nodes. It connects to the switch and passes the card data along a bi-directional USB connection to the nodes via a second USB host cable.
Like the F1DN104F we reviewed in 2011, the F1DN102Psimplifies error-free node switching with a system of labels and color-coded plastic chips that are impossible to remove accidentally. For health-care organizations, law firms, financial institutions and government agencies seeking a secure DisplayPort switch, the CRN Test Center recommends the F1DN102P from Belkin. List prices start at $849.
PUBLISHED FEB. 25, 2014