ADDERView Secure Analogue Enhanced Manual

							AVSV1002	(2	port)
AVSV1004	(4	port)
AVSC1102	(2	port)
AVSC1104	(4	port)
AdderView Secure
User Guide

www.adder .comSECURE
ADDER VIEW
}  
						

							



1


SECT 1
Contents
IMPORTANT: Before using this product .....................................2
Welcome
Introduction ........................................................................\
.........3
Model features ........................................................................\
....4
AdderView Secure - front and rear layout .................................5
Devices used with the AdderView Secure ..................................6
Keyboard devices ....................................................................6
Mouse devices ........................................................................\
.6
Smartcard devices (supported only on enhanced models) ...7
Keyboards with integrated smartcard readers  
(supported only on enhanced models)  .................................8
Standard items ........................................................................\
.....9
Additional items ........................................................................\
..9
Installation
Locations ........................................................................\
............10
Cabling recommendations ........................................................10
Tamper-evident seals.................................................................10
Links overview ........................................................................\
...10
Mounting ........................................................................\
...........11
Making connections ..................................................................12
Connections to computer systems .......................................12
Connections to user console peripherals .............................12
Video display (EDID) information ........................................14
Connection to power supply ................................................15
Operation
Important security features ......................................................16
Tamper-evident seals ............................................................16
The security indicators ..........................................................16
Anti-subversion monitoring (enhanced models only) ........16
Authentication checking (enhanced models only) .............17
Selecting computers ..................................................................18
Smart card reader ......................................................................18
Further information
Troubleshooting ........................................................................\
19
Summary of threats and solutions ............................................19
Getting assistance ......................................................................21
Warranty ........................................................................\
............22
Safety information ....................................................................22
Lithium battery ........................................................................\
..22
Radio Frequency Energy............................................................23   
						

							



2


IMPORTANT: Before using this product
Prior to use, a prospective user of the product should ensure that indiv\
iduals 
with the appropriate authority implement the following objectives in the\
 
environment where the product is to be used:
•	 The	operational	environment	procedures	must	ensure	that	all	users	are	duly	
authorized and possess the necessary privileges to access the informatio\
n 
transferred via the product. This should be implemented physically and i\
n 
terms of supporting IT infrastructure.
•	 Operational	procedures	must	(e.g.	re	staff	vetting	and	training)	ensure	
that, as far as is reasonably possible, the product is received, install\
ed and 
managed in accordance with the manufacturer’s directions. This should\
 also 
ensure that users are not malicious or hostile.
•	 The	product	should	be	installed	in	an	environment	that	is	physically	secure.
Additionally, the security office in the organisation purchasing the p\
roduct 
should be aware the product is not responsible for security vulnerabilit\
ies in 
computers, IT components or peripherals outside its physical boundary. T\
he 
security of other system components connected to the product will requir\
e 
separate management to ensure IT security best practice.   
						

							



3


SECT 2
Welcome
Introduction
The AdderView Secure range of products are highly robust KVM switches fo\
r 
critical applications. When information absolutely must not be leaked be\
tween 
systems or networks, the AdderView Secure units combine the necessary 
isolation with a desirable ease of use. 
AdderView Secure units combine a number of overlapping strategies that a\
re 
designed and proven to defeat potential points of infiltration or prot\
ect against 
user error.  
Firstly, all channel switching is controlled only from the front panel b\
uttons. No 
keyboard or mouse switching commands are permitted. 
Secondly, Data Diodes, implemented within hardwired electronic circuitry, rather 
than software, are liberally employed to ensure that critical data paths\
 can flow 
only in one direction. These data diodes ensure that a compromised perip\
heral, a 
keyboard for instance, cannot read information back from a connected sys\
tem in 
order to transfer such details to another system. Whenever a channel is \
changed, 
the connected keyboard and mouse are always powered down and re-initiali\
zed 
to provide yet another level of protection against hidden peripheral mal\
ware.  
In general, the role of software within the unit has been reduced to an \
absolute 
minimum to avoid the possibility of subversive reprogramming. Additional\
ly, all 
flash memory has been banished from all security critical areas of the\
 design, to 
be replaced by one-time programmable storage which cannot be altered. 
The outer casing contains extensive shielding to considerably reduce ele\
ctromagnetic 
emissions. Additionally, the casing has been designed with as few apertu\
res as 
possible to reduce the possibility of external probing and several prima\
ry chassis 
screws are concealed by tamper-evident seals to indicate any unauthorize\
d 
internal access. Shielding extends also to the internal circuitry with s\
trong levels 
of electrical crosstalk isolation between ports to protect against signa\
ls from one 
computer becoming detectable on another.
AdderView Secure units are available in two port and four port sizes. Ea\
ch size 
can be ordered in standard and enhanced versions. The enhanced versions \
allow 
you to attach a smart card reader that can be securely shared between th\
e 
connected systems. The enhanced versions also contain anti-subversion and 
authentication features that guard against intrusion and allow you to prove 
that the unit is genuine, respectively.
These are just a few of the many strategies and innovations that have be\
en 
combined to reinforce the separation between differing systems. Numerous\
 
other defences lie in wait to defeat any potential threat. 
Various strategies are employed to ensure complete separation between the switched channels: •	 One-way	Data Diodes are used on keyboard and mouse communication channels so that data isolation does not rely on software.•	 The	keyboard	and	mouse	are	powered	down	and	re-initialized	during	every	channel switch to ensure that they cannot act as transport media for malicious data between computers. •	 Careful	shielding	and	separation	strategies are used to ensure that data doesn’t crosstalk between channels or leak	to	the	outside	world	via	radiated	or conducted mechanisms.
PC 2PC 3PC 4PC 1
Hard	wired	One-way Data Diodes enforce	a	one-way	flow on information
Individually	colored	indicators	provide	clear	visual	feedback	about	the	currently selected channel
Channel	switching	is by physical button press only, no keyboard or mouse codes are permitted
Common	keyboard,	mouse	and	video	monitor are able to access multiple high security computers/networks, safe in the knowledge that data will not be transferred from one to another, either by user error or subversive	attack.	
The	switching	section	is	hard	wired to allow only one channel to be selected at any time.     
						

							



4


Model features
There are four models within the AdderView Secure range. Their varying 
features are summarized as follows: 
 Standard	2-port	 Standard	4-port	 Enhanced	2-port	 Enhanced	4-port
	AVSV1002-XX	 AVSV1004-XX	 AVSC1102-XX	 AVSC1104-XX
Uni-directional keyboard / mouse data paths ü ü ü ü
High port-to-port crosstalk isolation ü ü ü ü
Heavy shielding for low emissions ü ü ü ü
Single key per port for selection ü ü ü ü
USB or PS/2 computer connections ü ü ü ü
Tamper protection ü ü ü ü
Secure DDC EDID strategy ü ü ü ü
Smartcard reader support    ü ü
Combined keyboard/smartcard reader support    ü ü
Advanced tamper protection / reporting    ü ü
Authentication function    ü ü   
						

							



5


www.adder .comSECURE
ADDER VIEW
CONSOLE
INDOOR USEONLY
5V 2.5A2413
AdderView Secure - front and rear layout
The AdderView Secure is housed in an electromagnetically shielded robust\
 casing that measures just [w x d x h] 
9.25”	x	5.9”	x	1.73”	(235mm	x	150mm	x	44mm)	-	the	height	is	1U	within	a	19”	rack.	All	channel	switching	is	
achieved solely using the front panel buttons which are clearly indicate\
d, as are the rear panel connections.
Switching is controlled solely by the clearly labeled front panel button\
sEach selected channel is represented by an individually colored indicato\
r to provide additional visual feedback.
Optional	smart	card	reader	An optional smart card reader can be connected and used in conjunction with user authentication schemes.
Secure and shielded casingThe casing is shielded to reduce electromagnetic emissions to an absolute minimum, access apertures are minimized and vital access screws have tamper-evident seals.
Clear	and	simple	connectionsAll connections are clearly marked to avoid any ambiguity. Specially designed foil and braid shielded multi-connection cables are used for the system links.
www .adder .comSECURE
ADDER VIEW
2	port	version
2	port	version
CONSOLE
INDOOR USEONLY
5V 2.5A21
Clear	error	indicationOn	enhanced	models,	any	unexpected	operation	will	be	signalled	by	these indicators, accompanied by complete isolation of all channels. See Anti-subversion monitoring for details. The indicators are also used when authenticating enhanced models.      
						

							



6


Devices used with the AdderView Secure
Keyboard devices
The keyboard used with the switch must be approved against the security \
policy of your organization and must be plugged directly into the switch\
’s USB 
keyboard port with no adapters or converters.
During the life of the product, the user should make periodic checks to \
ensure 
that the keyboard remains directly connected into the switch’s USB ke\
yboard 
port. 
The keyboard is powered down and reset at every switchover to clear stor\
ed 
states.
Mouse devices
Although pointing devices don’t generally process confidential data and are 
therefore considered to pose a lower risk, you should ensure that the mo\
use 
used with the switch is approved against the security policy of your org\
anization 
and plugged directly into the switch’s USB mouse port with no adapter\
s or 
converters. 
The mouse is powered down and reset at every switchover to clear stored \
states.
CONSOLE
INDOOR USE O NLY
5V 2.5 A
CONSOL ECONSOLE
INDOOR USE O NLY
5V 2.5 A
CONSOLE   
						

							



7


Smartcard devices (supported only on enhanced models)
The smartcard reader and smartcards, used with enhanced models of the sw\
itch 
(AVSC1102-XX	and	AVSC1104-XX),	must	be	approved	against	the	security	
policy of your organization. The smartcard reader must be plugged direct\
ly into 
the switch’s USB card reader port with no adapters or converters. The\
 smartcard 
reader is powered down and reset at every switchover to clear stored sta\
tes.
Smartcards may contain memory that can be both readable and writable. Ca\
re 
must therefore be taken when configuring a system using smartcards.
The smartcard system inside the switch is designed to introduce no great\
er risk 
than would be present if each computer had a separate card reader and th\
e 
card was moved between them. To achieve this, the switch provides a laye\
r 
of isolation between the computers and the shared card reader. This prot\
ects 
against threats involving sharing a physical card reader hardware device\
. As 
an additional precaution against theoretical leakage threats, the circui\
try 
associated with providing the generic card reader function is powered do\
wn 
and its memory is actively cleared at every channel switchover. The swit\
ch does 
not decode or store the smartcard data flowing between the computer an\
d the 
smartcard itself.
CONSOLE
INDOO RUS E O NLY
5V 2.5 A
CONSOLE
When using enhanced models, if smartcard capabilities are not required f\
or 
a	particular	computer,	then	use	a	non-smartcard	cable	(without	the	yellow	
smartcard	connector).	This	will	ensure	that	the	computer	does	not	see	any	
smartcard reader function as all the smartcard functionality is presente\
d to the 
computer on the yellow USB connector only. Any computers that would not \
normally have card readers connected should not be connected to the swit\
ch 
using the yellow USB connector.
Smartcard access required?: ü 
Use cable set: VSCD6
Smartcard access required?: û 
Use cable set: VSCD7
Note: Standard models of the switch (AVSV1002-XX and AVSV1004-XX) also\
 
have a smartcard USB socket at the rear panel (labeled ), however, it is not 
functional on these models.    
						

							



8


Keyboards with integrated smartcard readers  
(supported only on enhanced models) 
A	combined	keyboard/smartcard	reader	(and	smartcards),	used	with	enhanced	
models	of	the	switch	(AVSC1102-XX	and	AVSC1104-XX),	must	be	approved	
against the security policy of your organization. The combined keyboard/\
smartcard reader must be plugged directly into the switch’s USB card \
reader 
port with no adapters or converters. 
During the life of the product, the user should make periodic checks to \
ensure 
that the combined keyboard/smartcard reader remains directly connected i\
nto 
the switch’s USB smartcard port.
The combined keyboard/smartcard reader is powered down and reset at ever\
y 
switchover to clear stored states.
The keyboard data and smartcard data are separated from each other as so\
on as 
they enter the switch. The keyboard data is then sent uni-directionally \
through 
the	switch	in	the	same	way	that	data	from	a	simple	keyboard	is	processed.	Only	
the smartcard data is handled by the smartcard circuit.
CONSOLE
INDOOR USE O NLY
5V 2.5 A
CONSOLE
Note: Standard models of the switch (AVSV1002-XX and AVSV1004-XX) also\
 
have a smartcard USB socket at the rear panel (labeled ), however, it is not 
functional on these models.    
						

							



9


www.a dder .com
SECURE
ADDER VIEW
5V, 2.5A Power supply plus country-specific	mains	cable
Standard itemsAdditional items
AdderView Secure(four	port	model	shown)
CD-ROM
Rack	bracketsIncluding four screws
Shielded link cable (VGA, PS/2 keyboard, PS/2 mouse)Part	code:	VSCD5	(length	1.8m/6ft)
Shielded link cable (VGA, USB keyboard/mouse, USB card reader)Part	code:	VSCD6	(length	1.8m/6ft)
Shielded link cable (VGA, USB  keyboard/mouse)Part	code:	VSCD7	(length	1.8m/6ft)
Shielded link cable (VGA only)Part	code:	VSCD9	(length	1.8m/6ft)
Four	self-adhesive	rubber feet