High Sec Labs

Currently published patent applications:
  • ISOLATED MULTI-NETWORK COMPUTER SYSTEM AND APPARATUS
  • 3-Dimensional Multi-Layered Modular Computer Architecture
  • Server Having Remotely Manageable Emulated Functions
  • SECURED KVM SYSTEM HAVING REMOTE CONTROLLER-INDICATOR

High Security Labs has submitted 14 more patent applications that have not yet been published.

Technology Overview - Possible solutions for isolated networks integration at the user's desktop
The term LAN switching applies here to an electromechanical switch rather than to an electronic (layer 2 or layer 3) switch. This solution is shown in the block diagram in figure 1 below: a single PC with a single LAN card is connected to a switch box attached to 2-3 different copper LANs.
Figure 1 - Multiple networks separation using LAN Switching

This method was very popular in high-security organizations in the 80's and 90's but disappeared several years ago. It became a major threat as security organizations found how easily data leakage could be produced on a single computer attached to two isolated networks. Some organizations required users to reboot their computers before switching, but it is still regarded as the most dangerous way of isolating networks.

The risk of this method is the potential abuse of the shared PC to deliver (leak) classified information from one network to another. As the assumption today is that any one network may be infected with hostile code, it is relatively easy to infect this shared PC and use it to temporarily store data carried from one network into the other. Even if the PC boots from a clean VMware server or from ROM (Read Only Memory), the arrangement is still very risky, as the shared PC contains many locations that retain residual data.

LAN Switching isolation advantages and disadvantages:

Advantages:
  • Low cost (switch is cheap, single PC, single set of peripherals).
  • Strong galvanic isolation between networks, possible due to the simple electromechanical design.
Disadvantages:
  • Significant security risk, as a single computer connects to two isolated networks.
  • Does not support a mix of copper and fiber LANs. Normally does not support Gigabit LAN.
  • Difficult to use: long switching time between networks due to reboot time.

In general, this method was regarded as safe when electrical emanations were the primary risk; today viruses and malicious code are the primary risk, and therefore this type of isolation is no longer in use.

The most straightforward method is to connect two or more independent sets of computers and peripherals. This method becomes impractical when more than three isolated networks are needed, as the user's desktop becomes a jungle of wiring and peripherals.
Figure 2 - Multiple networks separation using multiple PCs and peripherals
Multiple networks separation using multiple PCs and peripherals advantages and disadvantages:
Advantages:
  • Very secure: strong isolation between networks, as no integration point exists. Only TEMPEST leakage is possible.
  • Easy for the user to identify the security level (network) in use.
  • Fast switching time between environments.
  • Medium cost: no special equipment needed (still, two or more sets of equipment need to be maintained for each user).
Disadvantages:
  • Large desktop space needed for the PCs and duplicated sets of peripherals.
  • Difficult to use: two isolated environments.
  • Lower reliability, a lot of cabling.
  • User authentication in multiple networks is replicated.
  • Heavier user workload and fatigue. Potential spoofing attack.

Conventional KVM switching is by far the most popular method today, as KVMs are readily available at very low cost. A conventional KVM setup is shown in figure 3 below. As shown in this figure, the network integration takes place at the user's desktop.

Figure 3 - Multiple networks separation through multiple PCs and conventional KVM

Video and peripheral lines are connected between the isolated PCs and the KVM by cables. A simple solid-state video MUX routes one video input to the single video output based on user input. The user selects the channel using key combinations (keyboard pattern detection) or by means of a rotary switch or push-buttons.

Peripheral channels are normally connected to a microcontroller to enable error-free boot of the connected PCs. This microcontroller is typically the vulnerable point in a conventional KVM, as it may leak data between channels.

Reliance on the older PS/2 protocol does not remove the security risks of conventional KVMs, as keyboard logging and bi-directional data exchange can still happen over PS/2.

Multiple networks separation through multiple PCs and conventional KVM advantages and disadvantages:

Advantages:
  • Secure: reasonable isolation between networks, unless the organization is targeted by a capable attacker.
  • Medium cost: low-cost KVM needed (still, two or more PCs need to be maintained for each user).
  • Fast switching time between environments.
Disadvantages:
  • Security risk due to the use of a COTS KVM. An attack can be initiated remotely to create data leakage across the KVM.
  • Ease of use: medium. Two isolated environments, but simple switching between them.
  • Difficult for the user to identify the security level (network) in use.
  • User authentication in multiple networks is replicated.
  • Exposed data I/O (USB) ports.
  • Poor galvanic isolation between PCs (unless one network is fiber).

The use of a conventional KVM may be a weak link that causes data leakage. In general, high-security organizations like to control the integration point between the networks, and therefore many of them defined "Secure KVMs" as a controlled solution to this challenge. Still, due to security vulnerabilities, many organizations will not allow conventional KVMs in top secret environments.

The HSL Secure KVM Switch method was developed and patented (pending) by HSL in 2008 as a safe KVM solution for high-security organizations requiring physical isolation of networks. From the user's standpoint this method operates in the same way as a conventional KVM.

Figure 4 – Multiple networks separation using HSL 3rd-Generation Secure KVM Switch

In this setup two or more PCs are connected to separate networks. The USB or PS/2 port of each computer is connected to the Secure KVM through a cable. Optional galvanic isolation lets the ground planes of the two computers float (isolated). Each video input channel passes through a data diode to assure isolation and unidirectional flow. Display EDID (Plug & Play) is emulated by isolated devices (not shown here). The video switch, implemented by a MUX, connects one video input to the video output port based on user selection.

The USB or PS/2 keyboard and mouse are connected to the Secure KVM via two isolated host emulators. These host emulators assure that all bi-directional protocols are reduced to a uniform unidirectional data flow, which passes through a switch and another set of optical data diodes. The unidirectional peripheral data stream is then routed to the device emulators, which are connected to the attached hosts through cables. This peripheral path implementation enables absolute peripheral device filtering: no storage devices will be supported.

Optional anti-tampering circuitry enables tamper detection and reporting when needed.
Optional TEMPEST interfaces enable a fiber link to the monitor and the use of special TEMPEST peripherals.
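The peripheral path just described can be followed in code. The following software model is an added example written for this page; it is not HSL code and not the design of any real product. It models the three stages named above: a host emulator that speaks the bi-directional USB protocol to the keyboard and reduces it to a uniform one-way event stream, a switch plus data diode that deliver that stream to the selected channel only, and a device emulator that rebuilds a plain HID report for the attached PC. The allowlist filter refuses anything but a bare boot-protocol keyboard or mouse, which is how "no storage devices will be supported" looks in practice. Unlike the shared microcontroller of a conventional KVM, the host-side element here is handed only the diode's read end, so no call exists that moves data back toward the peripheral or across channels. The class names, the event format and the sample reports are assumptions made for this model; the USB and HID class codes are the real specification values.

```python
"""Software model of the Secure KVM peripheral path (added example; not HSL
code). Class names, event format and sample reports are assumptions."""
from collections import deque
from typing import Callable, Deque, Dict, List, Optional, Tuple

# Interface class / subclass / protocol codes from the USB and HID specifications.
USB_CLASS_HID, USB_CLASS_MASS_STORAGE = 0x03, 0x08
HID_SUBCLASS_BOOT, HID_PROTO_KEYBOARD, HID_PROTO_MOUSE = 0x01, 0x01, 0x02

Interface = Tuple[int, int, int]   # (class, subclass, protocol) of one USB interface
Event = tuple                      # uniform one-way event, e.g. ("key", 0x04, True)


class PeripheralRejected(Exception):
    """Raised by the filter for anything that is not a bare boot keyboard or mouse."""


def classify_peripheral(interfaces: List[Interface]) -> str:
    """Allowlist filter: exactly one boot-protocol HID interface and nothing else.
    Storage devices, and composite devices that bundle one, are refused."""
    if len(interfaces) != 1:
        raise PeripheralRejected("composite device refused")
    cls, sub, proto = interfaces[0]
    if cls != USB_CLASS_HID or sub != HID_SUBCLASS_BOOT:
        raise PeripheralRejected(f"class 0x{cls:02x} is not a boot HID device")
    if proto == HID_PROTO_KEYBOARD:
        return "keyboard"
    if proto == HID_PROTO_MOUSE:
        return "mouse"
    raise PeripheralRejected("unknown HID protocol")


class DataDiode:
    """One-way channel: the peripheral side holds send(); the host side is handed
    only the bound recv() method, so no call exists that moves data back."""
    def __init__(self) -> None:
        self._fifo: Deque[Event] = deque()

    def send(self, ev: Event) -> None:
        self._fifo.append(ev)

    def recv(self) -> Optional[Event]:
        return self._fifo.popleft() if self._fifo else None


class HostEmulator:
    """Peripheral-side controller: the only element that speaks the bi-directional
    USB protocol to the real device; outward it emits events only."""
    def __init__(self, interfaces: List[Interface], forward: Callable[[Event], None]) -> None:
        self.kind = classify_peripheral(interfaces)   # raises for anything else
        self._forward = forward
        self._held: set = set()
        self._mods = 0

    def on_report(self, report: bytes) -> None:
        """Turn a raw boot-protocol input report into key/mods/mouse events."""
        if self.kind == "mouse":
            if len(report) == 3:                       # buttons, dx, dy
                self._forward(("mouse",) + tuple(report))
            return
        if len(report) != 8:                           # malformed report: dropped
            return
        now = {c for c in report[2:8] if c}
        for code in sorted(now - self._held):
            self._forward(("key", code, True))
        for code in sorted(self._held - now):
            self._forward(("key", code, False))
        if report[0] != self._mods:
            self._forward(("mods", report[0]))
        self._held, self._mods = now, report[0]

    def release_all(self) -> None:
        """Sent before a channel switch so no key stays pressed on the old host."""
        self.on_report(bytes(8))


class DeviceEmulator:
    """Host-side controller: rebuilds plain HID reports from the event stream."""
    def __init__(self, recv: Callable[[], Optional[Event]]) -> None:
        self._recv = recv
        self._mods, self._held = 0, []
        self.reports: List[bytes] = []                 # what the attached PC sees

    def poll(self) -> List[bytes]:
        while (ev := self._recv()) is not None:
            if ev[0] == "mouse":
                self.reports.append(bytes(ev[1:]))
                continue
            if ev[0] == "mods":
                self._mods = ev[1]
            elif ev[2] and ev[1] not in self._held and len(self._held) < 6:
                self._held.append(ev[1])
            elif not ev[2] and ev[1] in self._held:
                self._held.remove(ev[1])
            pad = [0] * (6 - len(self._held))
            self.reports.append(bytes([self._mods, 0] + self._held + pad))
        return self.reports


class SecureKvm:
    """Switch: routes the uniform stream into the data diode of the selected channel."""
    def __init__(self, channels: List[str]) -> None:
        self._diodes: Dict[str, DataDiode] = {ch: DataDiode() for ch in channels}
        self.hosts = {ch: DeviceEmulator(d.recv) for ch, d in self._diodes.items()}
        self.selected = channels[0]
        self.keyboard: Optional[HostEmulator] = None

    def attach(self, interfaces: List[Interface]) -> None:
        self.keyboard = HostEmulator(interfaces, lambda ev: self._diodes[self.selected].send(ev))

    def select(self, channel: str) -> None:
        if self.keyboard is not None:
            self.keyboard.release_all()
        self.selected = channel


def demo() -> Tuple[List[bytes], List[bytes]]:
    """Constructed session: 'a' pressed on channel A, switch, shift+'b' on channel B."""
    kvm = SecureKvm(["A", "B"])
    kvm.attach([(USB_CLASS_HID, HID_SUBCLASS_BOOT, HID_PROTO_KEYBOARD)])
    kvm.keyboard.on_report(bytes([0x00, 0, 0x04, 0, 0, 0, 0, 0]))   # 'a' down
    kvm.select("B")                                                   # releases 'a' on A
    kvm.keyboard.on_report(bytes([0x02, 0, 0x05, 0, 0, 0, 0, 0]))   # left shift + 'b'
    return kvm.hosts["A"].poll(), kvm.hosts["B"].poll()
```

Running `demo()` shows channel A receiving the 'a' press followed by an all-zero release report at the moment of switching, while channel B receives only the shift+'b' report; no event ever reaches both channels. Attaching a device whose descriptor lists a mass-storage interface, alone or bundled with a keyboard, raises `PeripheralRejected` before any report is forwarded.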


Multiple networks separation using HSL secure KVM advantages and disadvantages:

Advantages:
  • Very high security: optical isolation between channels. Isolation is maintained even if two connected computers are infected with hostile code that targets the KVM.
  • Complete protection of peripheral ports: USB / PS/2 ports are made unidirectional by optical isolators. Strong peripheral filtering.
  • Medium cost: a higher-cost KVM is needed (still, two or more PCs need to be maintained for each user).
  • Fast switching time between environments.
  • Optional high galvanic isolation and anti-tampering.
Disadvantages:
  • Ease of use: medium. Two isolated environments, but simple switching between them.
  • Difficult for the user to identify the security level (network) in use.
  • User authentication in multiple networks is replicated.

Optical data diodes are electronic elements that convert electrical signals coming from one side into light, which is received by the other side and converted back into electrical signals. These elements assure unidirectional data flow by relying on physics. They are also capable of creating galvanic isolation between the two sides if needed (no common ground).

This solution is simple and safe for environments with top secret or national security networks. It is typically used by users with simple tasks. Users working daily across networks (intelligence analysts or operations) may need an easier solution, such as the KVM Combiner shown below.

The KVM Combiner method was developed and patented (pending) by HSL in 2008 to further improve the user experience while maintaining the highest level of security. It addresses the needs of specific users who work daily in several isolated networks. These users are characterized by the need for structured processes between networks, such as Secure Copy-Paste. A typical example would be intelligence analysts whose daily job involves data collection on one network to build a report on another network. The security gap between networks may be very high, and therefore the KVM Combiner should implement data security measures similar to those of the HSL Secure KVM. To enable easy work across isolated networks, the KVM Combiner uses an advanced video processor to create an interactive "Windows-like" user experience.

Figure 5 – Multiple PCs and HSL Secure KVM Combiner

The video section of the KVM Combiner uses a fast Field Programmable Gate Array (FPGA) and DDR memory to process the video received from the connected sources and generate a high-quality, high-resolution dynamic desktop on the connected display. Windowing commands and interaction data are received by the video processor via an optical data diode connected to the peripheral controller section.

Host emulators connected to the keyboard and mouse manage the user interaction. The USB / PS/2 switch couples the active channel to the appropriate device emulator of that channel through optical data diodes.
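The interaction path of the Combiner, as an added example written for this page (not HSL code and not the design of any real product): the single keyboard/mouse pair is coupled to exactly one host at a time, chosen by the window under the pointer, and a Secure Copy-Paste request between two channels is answered by an explicit policy table that denies anything it does not list, with every request recorded so the regulating systems mentioned above can review it. The window geometry, the level labels, the policy matrix and the audit record format are assumptions made for this model; the real policy is set by the organization, not by the Combiner.

```python
"""Model of the KVM Combiner interaction path (added example; not HSL code).
Geometry, level labels, policy matrix and audit format are assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Window:
    channel: str        # isolated host that owns this window
    level: str          # security level of that host (constructed labels)
    frame_color: str    # colored frame the combiner draws around the window
    x: int
    y: int
    w: int
    h: int

    def contains(self, px: int, py: int) -> bool:
        return self.x <= px < self.x + self.w and self.y <= py < self.y + self.h


class Combiner:
    def __init__(self, windows: List[Window], policy: Dict[Tuple[str, str], bool]) -> None:
        self.windows = windows          # z-order: last entry is topmost
        self.policy = policy            # (from_level, to_level) -> allowed; missing = deny
        self.active: Optional[str] = None
        self.audit: List[str] = []
        self.delivered: Dict[str, List[tuple]] = {w.channel: [] for w in windows}

    def pointer_moved(self, px: int, py: int) -> Optional[str]:
        """Windowing command: focus follows the topmost window under the pointer.
        Returns the frame color the user sees, or None over the bare desktop."""
        for w in reversed(self.windows):
            if w.contains(px, py):
                self.active = w.channel
                return w.frame_color
        self.active = None              # no window: no host receives input
        return None

    def key_event(self, ev: tuple) -> bool:
        """Keyboard data is coupled to the active channel's device emulator only."""
        if self.active is None:
            self.audit.append("key dropped: no active window")
            return False
        self.delivered[self.active].append(ev)
        return True

    def copy_paste(self, src: str, dst: str, payload: bytes) -> bool:
        """Clipboard transfer is refused unless the policy allows that direction;
        every request is recorded for the systems that regulate the policy."""
        level = {w.channel: w.level for w in self.windows}
        allowed = self.policy.get((level[src], level[dst]), False)
        verdict = "ALLOW" if allowed else "DENY"
        self.audit.append(f"copy {src}({level[src]})->{dst}({level[dst]}) {len(payload)} bytes {verdict}")
        if allowed:
            self.delivered[dst].append(("paste", payload))
        return allowed


def demo() -> Tuple["Combiner", bool, bool, bool]:
    """Constructed desktop: two overlapping windows from two isolated hosts."""
    windows = [
        Window("net1", "UNCLASS", "green", 0, 0, 800, 600),
        Window("net2", "SECRET", "red", 600, 400, 800, 600),   # drawn on top
    ]
    policy = {("UNCLASS", "SECRET"): True}    # low -> high only; reverse absent = deny
    c = Combiner(windows, policy)
    c.pointer_moved(700, 500)                 # overlap region: topmost (net2) wins
    c.key_event(("key", 0x04, True))
    c.pointer_moved(100, 100)                 # net1
    c.key_event(("key", 0x05, True))
    c.pointer_moved(1500, 50)                 # bare desktop
    dropped = c.key_event(("key", 0x06, True))
    up = c.copy_paste("net1", "net2", b"report draft")
    down = c.copy_paste("net2", "net1", b"secret text")
    return c, dropped, up, down
```

In the constructed run, the keystroke made while the pointer is over the overlap reaches only the topmost (net2) window, the keystroke over the bare desktop is dropped rather than sent anywhere, and the two clipboard requests leave one ALLOW and one DENY record in the audit list. Keeping the policy as a default-deny table, rather than a rule computed in code, is what lets a separate system own and review it.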


Multiple networks separation using HSL Secure KVM Combiner advantages and disadvantages:

Advantages:
  • Very high security: optical isolation between channels.
  • Simultaneous work in a windowing environment across different networks.
  • Easy for the user to identify the security level (network) in use through colored frames.
  • Complete protection of peripheral ports: USB / PS/2 ports are made unidirectional by optical isolators.
  • Optional Secure Copy-Paste between networks (controlled by policy and regulated by other systems).
  • Fast switching time between environments.
Disadvantages:
  • User authentication in multiple networks is replicated.
  • Higher cost: a higher-cost KVM is needed (and two or more PCs need to be maintained for each user).

The Modular Secure KVM Combiner concept was developed and patented (pending) by HSL in 2009 to further address high-security organizations' needs for improved efficiency. HSL integrated in a modular chassis the KVM Combiner, isolated power supplies and four bays for hosts / host interfaces. These bays can use any combination of the offered modules, called Nano-Blades.

Figure 6 - Multiple PCs and Modular Secure KVM Combiner


HSL developed several Nano-Blades compatible with the product:

  • AUX DVI to connect external PC, thin-client or docking station through DVI / HDMI.
  • AUX VGA to connect external PC, thin-client or docking station through VGA.
  • LNB – Linux based thin-client to run remote sessions, virtual desktop and local multimedia.
  • LNBF – same thin-client module as LNB but with fiber LAN interface.
  • ANB – Intel Atom based secured PC running Windows XP / XP embedded or Linux.
  • Blank panel to plug unused bays.

Integrating the clients (thin or fat) as needed inside the KVM chassis enables endless configurations to match the requirements of different user groups.

This modular approach also eases the maintenance and support of large deployments, as many organizations tend to "paint" computers and peripherals by the class of networks that they have touched.

The modular design is accepted as safe for identifying specific modules by their color; the chassis is accepted as having no color. Maintaining the different groups inside the organization becomes easier with stocks of painted Nano-Blades.

Multiple networks separation using HSL Modular Secure KVM Combiner advantages and disadvantages:

Advantages:
  • Same as above (KVM Combiner).
  • Secure hosts as part of an integrated solution: risks are easier to manage.
  • Minimum cabling: only the LAN is exposed.
  • Flexibility in deployment and maintenance.
  • Future growth path.
  • Isolated power option.
  • Reduced risk of exposed USB.
  • Smaller installation footprint.
  • Much lower power consumption.
  • End-to-end TEMPEST solution; no integration needed.
  • Single (secure) management platform across different isolated networks.
  • Cost-efficient solution.
Disadvantages:
  • Same as above (KVM Combiner).

The introduction of virtualization technology provided a strong temptation to secure organizations: the possibility of using a single server farm to mix different networks on different virtual machines. Can virtual machines be partitioned well enough to isolate different users and different security levels?

At first look, server and desktop virtualization may be the perfect solution for network isolation / integration. But a second look reveals the major risks of this method.

As discussed above, from an economic standpoint it makes perfect sense to integrate networks at the datacenter or server.

Multiple networks separation using virtualization:

Advantages:
  • Single desktop to access multiple virtual machines. Lowest implementation and maintenance costs.
  • Single network infrastructure to the desktops.
  • Intuitive and efficient user environment with mixed windows on a single display.
  • Scalable and easier to deploy: everything is done in software, so no physical deployment or changes are needed.
Disadvantages:
  • High risk of software code bridging between different security levels or networks. This risk is similar in nature to the risk of desktop infection, as the virtual machines coexist on a single operating system and a single physical platform.
  • No air gap or physical separation. An intruder may propagate from the server OS to a virtual client OS, to the client, to another virtual OS or to another server.

The advantages of this solution are clear and attractive; still, this method is not widely used, due to the severe security risks described above.


Copyright 2011 High Sec Labs Ltd. All rights reserved.