As stories about highly sensitive data security breaches within the U.S. government and U.S. military make headlines, government agencies are demanding a higher level of security from their IT vendors.
Internal Threats
While we may still envision the remote “hacker” trying to break through a firewall when we think of IT security threats, networks are in fact most vulnerable to data breaches from internal desktop computers and other peripheral devices.
NIAP Certification
The National Information Assurance Partnership (NIAP), which agencies rely on to test and certify the security capabilities of IT products, emphasizes the ability to combat these internal threats. They have rigorous requirements for products, such as KVM switches, that connect with and manage users’ peripheral devices.
A KVM switch that is not secure provides an open door for in-house users to:
- Access/remove restricted internal information
- Introduce malware network-wide
- Physically breach the device hardware
NIAP-Certified Secure KVM Switches
NIAP KVMs allow users to safely switch between connected computers, while protecting data from accidental transfer or unauthorized access. They're recommended for any government, military, financial or healthcare environment where data security is of utmost importance.
Specific features of NIAP KVM switches include:
- Isolated Data Channels. Physically separated circuits for each data path on a KVM switch prevent data transfer when switching between authorized and unauthorized channels.
- One-Way Communication. Prevents users from transferring data back out (to an external device) through the KVM switch. This is essential as handheld drives with terabyte-sized data stores have become available.
- Secure Emulation. Keyboard and mouse emulation is secured to restrict discovery of connected devices during switching, as is transmittal of EDID data from connected monitors.
- Flash Drive Restriction. External storage devices are blocked to prevent exposure to malware.
- Memory Clearing. Secure KVM switches will continuously clear their internal memory after every data transmission to protect against memory mining.
- Tamper Protection. Device firmware cannot be reprogrammed. Tamper-evident seals indicate if physical intrusion has been attempted; if the physical casing is opened, the KVM switch renders itself inoperable.
- Push-Button Control. Requires physical access to the KVM switch when switching between connected computers.
While it was designed to meet the strict security requirements of government agencies, NIAP certification does not prevent a product from being used in non-government applications. Healthcare providers, private corporations and any other organizations seeking to protect sensitive data from internal threats can take advantage of the same level of protection this class of products provides.
