solutions for demanding environments - highseclab
TRANSCRIPT
solutions for demanding environments
TO
P SECRET NETW
OR
K
CO
NF I D E N T
IA
L
Company pRoFILE
C o m p a n y p R o F I L E
Presentation overview
Company BriefBackground information about HSL company, services and brand. Review target markets and product lines.1 2
The risk in sharing peripheralsExplain the dangers in sharing peripherals between multiple computers. Discuss user challenges derived from network segregation.
TO
P SECRET NETW
OR
K
CO
NF I D E N T
IA
L
Con�dentialNetwork
Internet Connected Network
4
produCTs: seCure swiTChingReview the key features and Product Connection Diagram of HSL’s secure switching products: KVM, KM, Mini-Matrix, Combiner.
Multiple Sources
Speakers
Single Keyboard & Mouse
Single Display
PC #4Top Secret
SECUREKVM SWITCH
SECUREKVM SWITCH
NIAPPP3.0
Certi�ed
3
seCuriTy & produCT highlighTsOverview security certification process. Security & Product highlights explained in detail. Freeze
Audio
Interact Simultaneously with Multiple
Computers
Share Peripherals
across Domains
Smoothly Switch
Computers (VDT)
Support 4K Video
Avoid Typing
Mistakes
Filter USB (fUSB)
Prevent Information
Leaks
KVM <-> KM
Native Touch Screen
Support
NIAP PP3.0 Certi�ed
Freeze USB
Flexible Screen Layout
User Friendly
MultiMonitor Support
USB Security
Video Security
Mouse Security
Keyboard Security
Audio Security
Hardware Anti-
Tampering
Firmware Anti-
Tampering
6
produCTs: non-seCureReview HSL’s non-secure products: Switching solutions, MMC.
KVMKVM
PC #4
5
produCTs: seCure peripherals & auThenTiCaTionReview HSL’s secure peripherals and authentication products: Isolator, Headphone-Diode, USB Filter, USB Plug, MDR.
TO
P SECRET NETW
OR
K
CO
NF I D E N T
IA
L
C o m p a n y p R o F I L E
ComPany Brief
• privately-owned, HQ in Israel
• Founded in 2008
• Focused on cyber-security solutions which allow safely sharing peripherals across different security networks
• Dozens of patents submitted
• Global reach with trusted partners
• nIap/Common Criteria certified
Core Values
• Innovation/out-of-the-box thinking
• High Quality
• Top security
• User-centered design
C o m p a n y p R o F I L E
2-sides to HsL
r&d serViCes – oem
• Resolving customer security/functional pain points
• owning extensive R&D expertise
• providing leading solutions to market leaders
• User-friendly designs
• Complying with harshest security & quality standards
hsl Brand
• secure kVm switches for high security markets, such as government and command & control
• hsl km, Combiner and mini-matrix switches are high-end derivatives of HSL KVms, offering multi-viewing and other unique features
• additional HSL solutions include:
- Secure peripheral data flow & filtering
- Unique authentication solutions
C o m p a n y p R o F I L E
HsL soLutions
ProduCt Lines
• Secure Switching Solutions
• Switching Solutions
• Secure peripherals & authentication
C o m p a n y p R o F I L E
target markets
Government Banking & Trading
Command & Control
any organization witH muLtiPLe networks
C o m p a n y p R o F I L E
2
The risk in sharing peripheralsExplain the dangers in sharing peripherals between multiple computers. Discuss user challenges derived from network segregation.
TO
P SECRET NETW
OR
K
CO
NF I D E N T
IA
L
Con�dentialNetwork
Internet Connected Network
C o m p a n y p R o F I L E
tHe tHreat
Internet Connected Network
• Computer viruses, worms, fishing attacks, Trojan horses, ransomware and other cyber-attack tools rely on network connectivity and internet access for infection, distribution and extraction of information.
- Computer Viruses
- Worms
- Fishing attacks
- Trojan Horses
- Ransomware
- Cyber-attack Tools
- network Connectivity
- Internet access
C o m p a n y p R o F I L E
network segregation
• To protect valuable data and prevent information leakage it is realized that physical segregation of computer networks effectively prevents malicious attacks and data theft. Isolating computer networks from the internet - increases data security.
• Since the internet has become a necessity for many business processes whereas network segregation has become essential for data security, many organizations use dedicated internet-access networks which are secluded from other internal computer networks.
• Government agencies, military and similar high security organizations further segregate computer networks based on different classification levels (Top Secret / Secret / Confidential / Unclassified).
TO
P SECRET NETW
OR
K
CO
NF I D E N T
IA
L
Con�dentialNetwork
Internet Connected Network
C o m p a n y p R o F I L E
end user CHaLLenge
• Due to network segregation users are forced to inconveniently interact with multiple computers, observe multiple displays and use multiple sets of peripherals.
muLtiPLe disPLays
muLtiPLe keyBoards
muLtiPLe miCe
one user
C o m p a n y p R o F I L E
PeriPHeraL sHaring via CommerCiaL equiPment
• To simplify user’s work, peripheral sharing devices such as, Keyboard-Video-mouse (KVm) switches which allow sharing a single set of keyboard, video and mouse between multiple computers are used.
TO
P SECRET NETW
OR
K
CO
NF I D E N T
IA
L
Con�dentialNetwork
Internet Connected Network
C o m p a n y p R o F I L E
tHe risk in sHaring PeriPHeraLs
• Shared peripherals can be used to breach the gap between secluded networks.
• most computer peripherals have no security mechanisms what so ever (anti-virus, firewall, user permissions...etc.) and are therefore vulnerable to malicious attacks.
• peripherals and peripheral sharing devices which are shared between multiple computers impose a security threat as hackers target them in attempt to abuse and penetrate secluded computer environments.
TO
P SECRET NETW
OR
K
CO
NF I D E N T
IA
L
Con�dentialNetwork
Internet Connected Network
C o m p a n y p R o F I L E
3
seCuriTy & produCT highlighTsOverview security certification process. Security & Product highlights explained in detail. Freeze
Audio
Interact Simultaneously with Multiple
Computers
Share Peripherals
across Domains
Smoothly Switch
Computers (VDT)
Support 4K Video
Avoid Typing
Mistakes
Filter USB (fUSB)
Prevent Information
Leaks
KVM <-> KM
Native Touch Screen
Support
NIAP PP3.0 Certi�ed
Freeze USB
Flexible Screen Layout
User Friendly
MultiMonitor Support
USB Security
Video Security
Mouse Security
Keyboard Security
Audio Security
Hardware Anti-
Tampering
Firmware Anti-
Tampering
C o m p a n y p R o F I L E
TO
P SECRET NETW
OR
K
CO
NF I D E N T
IA
L
HsL’s seCure segregation soLutions
• HSL’s patented secure segregation solutions include a variety of peripheral sharing switch devices that enhance user productivity in challenging multi-computer environments while maintaining the highest isolation between computers and peripherals.
• The products are qualified with the latest nIap Common Criteria protection profile version 3.0 (pp3.0) certification for peripheral Sharing Switch (pSS) devices.
• HSL products are designed to obstacle threats derived from sharing and switching of peripheral devices. Block peripheral exploits, information leaks, eavesdropping, signal transmission, computer malware, hardware and firmware tampering by enforcing multilayered security mechanisms.
NIA
P PP PSS 3.0 CERTIFIED
C O M M O N C R I T E R I A
C o m p a n y p R o F I L E
seCurity CertifiCation terms
• Common CriTeriaThe Common Criteria (CC) for Information Technology Security Evaluation is an international standard (ISo/IEC 15408) for computer security certification. Common Criteria is used as the basis for a Government driven certification scheme. Evaluations are typically conducted for the use of Federal Government agencies and critical infrastructure. Common Criteria specifies Information Technology product security, functional and assurance requirements through the use of protection profiles (pps).
• proTeCTion profileprotection profile (pp) is a document which identifies threats and their corresponding security measures for a class of security devices (for example, Keyboard-Video-mouse (KVm) switching devices).
• niapThe national Information assurance partnership (nIap) is responsible for U.S. implementation of the Common Criteria. nIap manages a national program for developing protection profiles, evaluation methodologies, and policies that ensure achievable, repeatable, and testable requirements. In partnership with nIST, nIap also approves Common Criteria Testing Laboratories to conduct these security evaluations in private sector operations across the U.S.
• ealThe Evaluation assurance Level (EaL1 through EaL7) is the grade assigned to a product or system after completing a Common Criteria security evaluation which is based on a self-defined Target of Evaluation (ToE). nIap transitioned away from EaL and moved to protection profiles as it ensures that vendors who achieve the pp certification are all evaluated against a well-defined and standardized criteria (rather than self-defined evaluations in EaL).
TO
P SECRET NETW
OR
K
CO
NF I D E N T
IA
L
Testing Products
Manufacturing Products
De�ne Protection Pro�les
NSAUSERSINDUSTRY
INDUSTRY
CCTL
Publish Test Report
3
4
5
Published List of Products with CC PP
Certi�cation
Customers looking for Secure Products
1
2 CC. ORG
NIAP
C o m p a n y p R o F I L E
wHat’s new in PeriPHeraL sHaring switCH PP 3.0?
Legacy PP2.1
• Did not fully apprehend peripherals as a security threat.
• Focused mainly on the prevention of errors that originated from improper peripheral Sharing Switch (pSS) device installation and operator mistakes.
• pSS device vendors could apply minor modifications to their existing non-secure commercial products, in order to comply with the pp2.1 requirements.
newest PP3.0
• Brings an updated view that peripherals are vulnerable and can be used for abusing and penetrating secure environments.
• acknowledges that peripherals and peripheral sharing is unsafe unless achieved through a highly secure peripheral sharing device.
• To comply with the latest pp3.0 security requirements pSS device vendors must design the products as entirely secure.
major differences between the previous PP2.1 profile to the newest PP3.0
PP3.0 certified products are much more secure than PP2.1 products. the security accreditation of PP2.1 peripheral sharing switch devices is obsolete.
C o m p a n y p R o F I L E
TO
P SECRET NETW
OR
K
CO
NF I D E N T
IA
L
ProduCt seCurity HigHLigHts
USB Security
Video Security
Mouse Security
Keyboard Security
Audio Security
Hardware Anti-
Tampering
Firmware Anti-
Tampering
C o m p a n y p R o F I L E
TO
P SECRET NETW
OR
K
CO
NF I D E N T
IA
L
Common PeriPHeraL vuLneraBiLities keyBoard and mouse
Keyboard and Mouse Threats Vulnerability Risk
Signal/Virus
• Programmable components may include malicious code and are vulnerable to manipulation.
• May include memory chips that can store data • Bi-directional keys (Num Lock, Scroll Lock, Cap Lock, Pause Break)
can be used to send and decode data between systems
Data leakage from one system to another
Keyboard and Mouse Security Solution Highlights
Unidirectional Optical Data Diodes
ü Allowing data to flow only in one direction, from the device- to-host computer. ü Preventing host-to-peripheral data flow eliminates data leakage through the shared peripheral.
ü Preventing host-to-host connectivity isolates all hosts from each other.
Hardware-based Peripheral Isolation per Port ü Each port is fully isolated from other ports.
Hardcoded HID Filter ü Accepts only USB HID Devices (Keyboard & Mice) rules out others. ü Hardcoded ASCII keyboard / mice characters. ü Incapable of processing any other code than HID-ASCII.
C o m p a n y p R o F I L E
TO
P SECRET NETW
OR
K
CO
NF I D E N T
IA
L
Common PeriPHeraL vuLneraBiLities video
Video Threat Vulnerability Risk
Signal/Virus
• Programmable components may include malicious code and are vulnerable to manipulation.
• Manipulating monitor settings can be used to send and decode data between systems
Data leakage from one system to another
Video Security Solution Highlights
Extended Display Identification Data (EDID) Emulation
ü Prevent direct access to the monitor’s Extended Display Identification Data (EDID). ü Dedicated, read-only, EDID emulation for each computer provides complete isolation.
No Shared Circuitry ü Computer video input interfaces are isolated through the use of different electronic components, power and ground domains.
Block Monitor Control Command Set (MCCS)
ü Ignore MCCS commands, so they cannot pass through and exploit the monitor’s internal memory.
C o m p a n y p R o F I L E
TO
P SECRET NETW
OR
K
CO
NF I D E N T
IA
L
Audio Threats Vulnerability Risk
Signal/Virus/Hot Microphone
• Programmable components may include malicious code and are vulnerable to manipulation.
• Manipulated sound card can reprogram a speaker into a microphone to act as an audio reception tool (e.g. microphone).
Data leakage and eavesdropping
Audio Security Solution Highlights
Unidirectional Diodes
ü Enforce computer-to-speaker, one-way flow of sound through unidirectional optical data diodes.
ü Prevent re-tasking of the audio line-in (headset/speaker) into a microphone line and thus block eavesdropping attempts by reprograming a speaker to act as an audio reception tool (e.g. microphone).
Common PeriPHeraL vuLneraBiLities audio
C o m p a n y p R o F I L E
TO
P SECRET NETW
OR
K
CO
NF I D E N T
IA
L
USB Threats Vulnerability Risk
Virus
• Highly popular standard commonly used by computer and mobile users.• Provides on-the-fly high speed, bidirectional flow of data to and
from the computer.• Multifunctional port: numerous device types can connect through
the same physical port• Programmable components may include malicious code and are vulnerable to
manipulation.• Can be used to store/inject data.
Data leakage from one system to another
USB Security Solution Highlights
Block un-authorized USB ü Completely block and disable unauthorized USB devices and traffic
Secure & Dedicated Keyboard / Mouse Ports
ü Accepts only USB HID Devices (Keyboard & Mice) rules out others ü Refer to Keyboard & Mouse threats table for additional information
Biometric/Smart-Card reader support
ü Special secured port (fUSB) for smart-card/biometric reader with patented Freeze function to support user authentication across multiple isolated networks.
Filter USB Peripherals ü Whitelist and blacklist specific USB devices based on VID/PID characteristics.
Common PeriPHeraL vuLneraBiLities usB
C o m p a n y p R o F I L E
TO
P SECRET NETW
OR
K
CO
NF I D E N T
IA
L
Hardware Tampering Threats Vulnerability Risk
Implant malicious hardware • Open product and implant malicious hardware.
Data leakage and eavesdropping
Hardware Anti-Tampering Solution Highlights
Always-ON tamper evident system
ü Any attempt to open the product enclosure will activate an anti-tamper system making the product inoperable.
ü Blinking LEDs provide a clear indication of a tampering event. ü Special holographic tampering evident labels on the product’s enclosure provide a clear visual indication if the product has been opened or compromised.
Common PeriPHeraL vuLneraBiLities Hardware tamPering
C o m p a n y p R o F I L E
TO
P SECRET NETW
OR
K
CO
NF I D E N T
IA
L
Firmware Tampering Threats Vulnerability Risk
Firmware Reprogramming
• Attempt to reprogram firmware components to include malicious code.
• Attempt to store/inject data.
Data leakage and eavesdropping
Firmware Anti-Tampering Solution Highlights
Tamper-proof electrical design
ü There is no access to the product’s firmware or memory through any port. ü Firmware is permanently stored on a nonreprogrammable Read Only Memory (ROM) to prevent any modification.
ü Firmware integrity is verified through a self-test procedure during power-up. Upon detection of a critical failure the device disables normal operation and provides the user with a clear visual indication of failure.
Common PeriPHeraL vuLneraBiLities firmware tamPering
C o m p a n y p R o F I L E
ProduCt HigHLigHts
FreezeAudio
Interact Simultaneously with Multiple
Computers
Share Peripherals
across Domains
Smoothly Switch
Computers (VDT)
Support 4K Video
Avoid Typing
Mistakes
Filter USB (fUSB)
Prevent Information
Leaks
KVM <-> KM
Native Touch Screen
Support
NIAP PP3.0 Certi�ed
Freeze USB
Flexible Screen Layout
User Friendly
MultiMonitor Support
C o m p a n y p R o F I L E
ProduCt HigHLigHts
Product Highlights
NIAP Common Criteria PP3.0 Certification
ü HSL Secure KVM/KM/Mini-Matrix products qualify to the latest NIAP Common Criteria Protection Profile version 3.0 (PP3.0) certification for peripheral Sharing Switch (PSS) devices.
Safely share peripherals across different security domains
ü Safely share peripherals between computers that belong to different security classifications levels while keeping the highest possible data separation security.
Prevent information leaks
ü Obstacle threats derived from sharing and switching of vulnerable, untrusted or unauthorized peripheral devices. Block peripheral exploits, information leaks, eavesdropping, signal transmission, computer malware, hardware and firmware tampering by enforcing multilayered security mechanisms.
Filter USB Peripherals ü Block unauthorized USB devices while allowing secure switching of smart card and biometric authentication devices between computers. Whitelist and blacklist specific USB devices based on VID/PID characteristics.
C o m p a n y p R o F I L E
ProduCt HigHLigHts
Product Highlights
Multi Monitor Support
ü KM - Support multi-monitor computers with up to 4 displays per computer in duplicate or extended modes. (Requires driver installation, currently available only for Windows.).
ü KVM/KVM Combiner/Mini-Matrix - Dual-head models, provide flexible presentation options by supporting duplicate and extend view modes to fit any use case scenario.
View applications in Ultra High Definition (UHD) 4K video quality.
User friendly ü Simplify user’s work in multi-computer environments.
Freeze USB ü Assign the USB port to a specific computer while switching the keyboard, video, mouse and audio between other computers. Useful for various scenarios, for instance, when a USB smart card reader must remain mapped to a certain computer.
Freeze Audio ü Assign the audio port to a specific computer while switching the keyboard, video, mouse and USB between other computers. Useful for scenarios where a user has to listen to audio originating from one computer while working on another computer.
C o m p a n y p R o F I L E
ProduCt HigHLigHts
Product Highlights
Keep up with future requirements through interchangeable KVM / KM functionality (KVM)
ü Adjust with versatile setup scenarios. The device can be configured in two modes, KVM and KM. In KVM mode (default) one display, keyboard and mouse set is shared between all computers. In KM mode each computer is connected to a separate display while keyboard and mouse are shared, thus allowing simultaneous work on multiple computers.
Avoid typing mistakes
ü Since two-way communication is blocked by the KVM security, keyboard lock LEDs do not function. Help users avoid typing mistakes by visually indicating the status of keyboard locks (CAPS-LOCK | NUM LOCK | SCROLL LOCK) on the product’s front facing panel.
Smoothly switch between computers (Virtual Display Technology)
ü Automatically switch control from one computer to another by dragging the mouse cursor over the computer’s display border. Peripherals switch to the next computer without having to press any buttons once the mouse is passing the display border.
Native touch screen support (KVM Combiner)
ü Interact with all the computers that are connected to the KVM Combiner using touch screen gestures. No need to install any driver or software.
C o m p a n y p R o F I L E
ProduCt HigHLigHts
Product Highlights
Flexible screen layout
ü KVM Combiner - Resize source scaling and aspect ratio to create Tile, Scale and Custom display layouts that fit user needs.
ü KVM Combiner - Present and work with up to 6 computers at the same time. Cascade combiners to view and control up to 36 (6x6) computers on a single or dual displays.
ü KM/Mini-Matrix - Support various display layouts (Align displays vertically (on top) / Horizontally (along side)...etc). Associate the mouse cursor with each computer based on its respective display position.
Work simultaneously on two computers, view the screens of four computers
ü Mini-matrix - Connect up to four computers and two displays to the Mini Matrix. Select which computer to present on each of the two attached displays. Displays can be positioned in various layouts (Horizontal / Vertical / Custom). Duplicate the screen of any computer by presenting it on both Mini-Matrix displays at the same time. Extend the screen of any computer to an additional 3rd and 4th external displays.
ü KM - Work simultaneously with multiple computers connected to multiple displays using one set of audio, keyboard and mouse peripherals (KM)
C o m p a n y p R o F I L E
4
produCTs: seCure swiTChingReview the key features and Product Connection Diagram of HSL’s secure switching products: KVM, KM, Mini-Matrix, Combiner.
Multiple Sources
Speakers
Single Keyboard & Mouse
Single Display
PC #4Top Secret
SECUREKVM SWITCH
SECUREKVM SWITCH
NIAPPP3.0
Certi�ed
C o m p a n y p R o F I L E
HsL kvm switCHes
Multiple Sources
Speakers
Single Keyboard & Mouse
Single Display
PC #4Top Secret
SECUREKVM SWITCH
SECUREKVM SWITCH
NIAPPP3.0
Certi�ed
• Safely share keyboard, video, mouse, audio and USB devices to simplify user experience when working with multiple computers while maintaining the highest isolation between computers and peripherals.
FreezeAudio
Interact Simultaneously with Multiple
Computers
Share Peripherals
across Domains
Smoothly Switch
Computers (VDT)
Support 4K Video
Avoid Typing
Mistakes
Filter USB (fUSB)
Prevent Information
Leaks
KVM <-> KM
Native Touch Screen
Support
NIAP PP3.0 Certi�ed
Freeze USB
Flexible Screen Layout
User Friendly
MultiMonitor Support
USB Security
Video Security
Mouse Security
Keyboard Security
Audio Security
Hardware Anti-
Tampering
Firmware Anti-
Tampering
C o m p a n y p R o F I L E
kvm setuP diagram
Smart-CardReader Computers
CONSOLE PORTS COMPUTER/SOURCE PORTS
fUSB CableAudio CableMouse CableDisplay CableKeyboard Cable
Audio Keyboard Mouse
Display
C o m p a n y p R o F I L E
kvm ProduCts taBLe
modelsk21d-3sk21H-3sk21P-3
dk22d-3dk22H-3dk22P-3dk22Pd-3
sk41d-3/du-3sk41H-3/Hu-3sk41P-3/Pu-3
dk42d-3/du-3dk42H-3/Hu-3dk42P-3/Pu-3
sk81du-3sk81Hu-3sk81Pu-3
dk82Hu-3dk82du-3dk82Pu-3
# of sources (inputs) 2 2 4 4 8 8
# of projected displays (outputs) 1 2 1 2 1 2
Keyboard & mouse ports USB USB & PS/2 USB & PS/2
USB Peripheral Port (fUSB) ✘ ✔ (U) ✔
Video SourceDVI-I HDMI DisplayPort
DVI-I HDMI DisplayPort
DVI-I HDMI DisplayPort
Computers (inputs) video Up to 4K-2K Ultra HD Resolutions (3840 X 2160 pixels)
Console (outputs) video Up to 4K-2K Ultra HD Resolutions (3840 X 2160 pixels)
C o m p a n y p R o F I L E
HsL km switCHes
PC #4Top Secret
PC #3Con�dential
PC #1Internet
PC #2Restricted
SECUREKM SWITCH
SECUREKM SWITCH
Move mouse to switch PCs
Multiple Sources
Speakers
Single Keyboard & Mouse
NIAPPP3.0
Certi�ed
• Work simultaneously with multiple computers connected to multiple displays using one set of audio, keyboard and mouse peripherals.
• Interact with multiple computers in real-time while maintaining the highest isolation between computers and peripherals.
• Directly connect separate display(s) to each computer and securely share keyboard, mouse, audio and USB devices.
FreezeAudio
Interact Simultaneously with Multiple
Computers
Share Peripherals
across Domains
Smoothly Switch
Computers (VDT)
Support 4K Video
Avoid Typing
Mistakes
Filter USB (fUSB)
Prevent Information
Leaks
KVM <-> KM
Native Touch Screen
Support
NIAP PP3.0 Certi�ed
Freeze USB
Flexible Screen Layout
User Friendly
MultiMonitor Support
USB Security
Video Security
Mouse Security
Keyboard Security
Audio Security
Hardware Anti-
Tampering
Firmware Anti-
Tampering
C o m p a n y p R o F I L E
km setuP diagram
Smart-CardReader
Computers
CONSOLE PORTS COMPUTER/SOURCE PORTS
Audio Keyboard Mouse
Displays
fUSB CableAudio CableMouse CableDisplay CableKeyboard Cable
C o m p a n y p R o F I L E
km ProduCts taBLe
model sm20n-3sm40n-3sm40nu-3
sm80n-3sm80nu-3
# of sources (inputs) 2 4 8
Max # of displays supported (Windows OS Only) 8 16 32
Keyboard & mouse ports USB USB & PS/2 USB & PS/2
USB Peripheral Port (fUSB) ✘ ✔ (U) ✔ (U)
C o m p a n y p R o F I L E
HsL mini-matrix switCHes
PC #4Top Secret
PC #1Internet
SECUREMINI-MATRIX
SECUREMINI-MATRIX
Move mouse to switch PCs
Multiple Sources
Speakers
Single Keyboard & Mouse
NIAPPP3.0
Certi�ed
• optimize user experience when working with multiple computers. View and control two out-of-four computers at the same time whilst securely sharing keyboard, video, mouse, audio and USB devices.
• provides increased productivity in challenging multi-computer environments where users are required to view and interact with several computers while maintaining the highest isolation between computers and peripherals.
FreezeAudio
Interact Simultaneously with Multiple
Computers
Share Peripherals
across Domains
Smoothly Switch
Computers (VDT)
Support 4K Video
Avoid Typing
Mistakes
Filter USB (fUSB)
Prevent Information
Leaks
KVM <-> KM
Native Touch Screen
Support
NIAP PP3.0 Certi�ed
Freeze USB
Flexible Screen Layout
User Friendly
MultiMonitor Support
USB Security
Video Security
Mouse Security
Keyboard Security
Audio Security
Hardware Anti-
Tampering
Firmware Anti-
Tampering
C o m p a n y p R o F I L E
mini-matrix setuP diagram
Smart-CardReader Computers
CONSOLE PORTS COMPUTER/SOURCE PORTS
Audio Keyboard Mouse
Secondary Display Primary Display
fUSB CableAudio CableMouse CableDisplay CableKeyboard Cable
C o m p a n y p R o F I L E
mini-matrix ProduCts taBLe
modelsx22d-3sx22H-3
sx42du-3sx42Hu-3sx42Pu-3
# of sources (inputs) 2 4
# of projected displays (outputs) 2 2
Keyboard & mouse ports USB USB & PS/2
USB Peripheral Port (fUSB) ✘ ✔
Video Source DVI-I HDMI
DVI-I HDMI DisplayPort
Computers (inputs) video Up to 4K-2K Ultra HD Resolutions (3840 X 2160 pixels)
Console (outputs) video Up to 4K-2K Ultra HD Resolutions (3840 X 2160 pixels)
C o m p a n y p R o F I L E
HsL kvm ComBiner
PC #4
PC #3
PC #1
PC #2
SECUREKVM COMBINER
SECUREKVM COMBINER
Move mouse to switch PCs
Multiple Sources
Speakers
Single Keyboard & Mouse
• Interact with multiple computers presented on the same display at the same time using a single set of audio, keyboard, video and mouse peripherals.
• provides increased productivity in challenging multi-computer environments where users are required to view and interact with several computers at the same time.
• optimize user experience while maintaining the highest isolation between computers and peripherals.
FreezeAudio
Interact Simultaneously with Multiple
Computers
Share Peripherals
across Domains
Smoothly Switch
Computers (VDT)
Support 4K Video
Avoid Typing
Mistakes
Filter USB (fUSB)
Prevent Information
Leaks
KVM <-> KM
Native Touch Screen
Support
NIAP PP3.0 Certi�ed
Freeze USB
Flexible Screen Layout
User Friendly
MultiMonitor Support
USB Security
Video Security
Mouse Security
Keyboard Security
Audio Security
Hardware Anti-
Tampering
Firmware Anti-
Tampering
C o m p a n y p R o F I L E
kvm ComBiner setuP diagram
Smart-CardReader Computers
CONSOLE PORTS COMPUTER/SOURCE PORTS
Audio Keyboard Mouse
Display
fUSB CableAudio CableMouse CableDisplay CableKeyboard Cable
C o m p a n y p R o F I L E
kvm ComBiner ProduCts taBLe
model sC21H-3sC42du-3sC42Hu-3
sC62Hu-3
# of sources (inputs) 2 4 6
# of projected displays (outputs) 1 2 2
Keyboard & mouse ports USB USB & PS/2 USB & PS/2
USB Peripheral Port (fUSB) ✘ ✔ ✔
Video Source HDMIDVI-I HDMI
HDMI
Computers (inputs) video Up to 4K-2K Ultra HD Resolutions (3840 X 2160 pixels)
Console (outputs) video Up to 4K-2K Ultra HD Resolutions (3840 X 2160 pixels)
Touch screen support ✘ ✔ ✔
C o m p a n y p R o F I L E
5
produCTs: seCure peripherals & auThenTiCaTionReview HSL’s secure peripherals and authentication products: Isolator, Headphone-Diode, USB Filter, USB Plug, MDR.
TO
P SECRET NETW
OR
K
CO
NF I D E N T
IA
L
C o m p a n y p R o F I L E
seCure HeadPHone diode
• Enforce computer-to-speaker, one-way flow of sound through unidirectional optical data diodes.
• prevent eavesdropping and line-in re-tasking by blocking speaker-to-computer communication.
Computer or Matrix
Audio
USB for Power
Secure Headphone Diode Speakers /
Headphone
Audio
C o m p a n y p R o F I L E
HsL isoLator
• prevent compromised peripherals from infecting computers.
• Isolator ensures that video, audio and USB data flows in a single direction thus preventing shared-peripheral-threats from compromising the computer.
• protect against leakage and malicious attacks through shared Keyboard, Video, mouse, USB and audio devices.
• Isolate computers in meeting/control/trade rooms from vulnerable peripherals that are shared between multiple computers.
• Isolate computers from display solutions that share a single display between multiple sources.
• protect classified computers in matrix-environments from shared-peripheral-threats originating from guest laptops or internet-access computers that connect to the same matrix.
Display or ProjectorComputer or Matrix HSL KVMA
Security IsolatorVideo
USB KB & Mouse
Audio out
Video
USB KB & Mouse
(HKS100I only)
(HKS100I only)
Audio outMOUSE KB AUDIO OUT VIDEO OUT
C o m p a n y p R o F I L E
seCure usB PLug
usB plug - elock• Electronically tagged mechanical USB plug
that physically locks individual USB ports with internal strong authentication chip. Forced removal triggers an alert and permanently damages the USB port.
steel plate extension • Blocks multiple USB ports with only one
eLockUSB plug. mount the metal plate together with the USB eLock plug to block a group of USB ports with a single plug.
C o m p a n y p R o F I L E
seCure usB Hid fiLter
hardcoded hid filter• accepts only USB HID Devices (Keyboard/mice) and rules out others
• passes only standard keyboard and mouse reports
• Blocks all other traffic
• Highly secure, read only non-programmable chip
Configurable filter• USB-ID based filter
• accept USB devices based on unique identifiers such as Serial/HID/VID/Class ID, etc.
• Configurable identifiers to fit with specific customer peripherals
C o m p a n y p R o F I L E
seCure muLti-domain smart Card reader (mdr)
• Unique: one-to-many approach. allowing 1x smartcard for simultaneous work on multiple pCs.
• Reduce overall smartcard operational costs, buy less cards and less readers.
• minimize smartcard administrative overhead.
• Increased security, easily enforce smartcard authentication on all pCs.
• Increased security, card removal resets all pC sessions, no pC is left unsecure.
• minimize user learning curve and overhead.
• auto-association, dynamically map the smartcard to the pC that requires access to it.
Computers
Smart Card
User
Multi DomainSmart Card Reader
C o m p a n y p R o F I L E
6
produCTs: non-seCureReview HSL’s non-secure products: Switching solutions, MMC.
KVMKVM
PC #4
C o m p a n y p R o F I L E
switCHing ProduCt HigHLigHts
• Copy & Paste Copy and paste text and files between all the computers that are connected through the Km/KVm/mini-matrix/Combiner.
• super speed usB 3.0 Port Share the newest peripherals between computers through the KVm’s USB 3.0 peripheral ports and benefit from super-speed data transfer rates.
• High Power for express Charging Enjoy express mobile device charging times through a high-power USB port.
THanK yoU
For more information, please visit www.highseclabs.com