How Government Agencies Use KVM for Physical Network Security
KVM has more than one meaning. For the U.S. DoD, physical KVM devices mean extra security.
KVM is an ambiguous tech acronym. Sometimes it refers to Kernel Virtual Machine, which is Linux virtualization technology. It can, however, also refer to something that is the polar opposite, in that it is very much physical.
Keyboard, Video and Mouse, or KVM, switch devices have been around since the dawn of the computer age. With a KVM device, a user can connect multiple physical computers and their associated network interfaces to a single keyboard, monitor, and mouse. In the modern world, where virtualization (like the other KVM) is the norm, it might seem odd that there's still a need for physical KVM.
As it turns out, there are still multiple use cases, such as in U.S. Defense agencies. Technology vendor Belkin is now releasing a new Secure DisplayPort KVM switch specifically geared for the demands of highly secure network environments.
Luis Artiz, director of product management in Belkin's business division, explained to Enterprise Networking Planet that his company has been in the KVM switch space for the last seven years. The new DisplayPort KVM switch works with the DisplayPort monitor interface, an alternative to legacy VGA and DVI connectors.
The government's defense agencies have a particular need for secure KVM switches for their workers.
"Every time a network needs to be accessed within DoD agencies, it's not like a regular enterprise, where one desktop user has access to multiple drives," Artiz said.
Artiz explained that the way DoD agency workers access different networks is over a physically separate LAN that runs in a given building. He added that in many cases, the entire LAN cabling system is also color coded.
"So whenever you see a purple cable, it means something different than a blue or red cable," Artiz said. "All those servers, networks and printers are all separate and come together at the user's desk, with the KVM switch."
With a non-secure KVM, all of the keyboard, mouse and monitor information passes through one switching location inside the KVM switch. As such, a KVM switch is a potential risk, since it can enable unauthorized access across multiple networks.
"Secure KVM is built such that each network is physically separated from each other," Artiz said. "Internally we have optical data diodes, which is basically a one directional data valve."
As such, when information enters the KVM it can't go anywhere that it isn't supposed to go. The optical data diodes actually impact usability in a small way as well.
"When you plug a keyboard into a SecureKVM, the little lights on the keyboard for function or number lock don't light up," Artiz said. "The reason is we're not sending any information from the computer back to the keyboard, since the KVM won't allow it."
Sean Michael Kerner is a senior editor at Enterprise Networking Planet and InternetNews.com. Follow him on Twitter @TechJournalist.