Tripp Lite's KVM Switch Plugs Internal Security Holes

While it's impossible to say where the next hacker attack might come from, statistics show that a majority originate from inside the targeted organization. Helping prevent such attacks is Tripp Lite, which in January added two- and four-port NIAP-certified USB Secure KVM Switches to its line of switches and console servers for the data center.

For testing, the power protection company sent the CRN Test Center a B002-DUA4 4 Port DVI / USB Secure KVM Switch with Audio, a four-port model designed to provide secure keyboard, monitor and mouse sharing for as many as four computers. NIAP refers to the National Information Assurance Partnership, an effort administered by the U.S. government and operated by the NSA to foster use of security best practices by industry.

The units are NAIP-certified compliant with the Common Criteria EAL2+ requirements. Security features include a tamper-evident chassis with intrusion detection, USB usage restricted to designated devices (storage and other non-human interface devices are ignored), channel isolation and automatic keyboard buffer clearing. This latter feature makes it impossible to transfer data between connected systems.

The B002-DUA4 is quite compact for a four-port unit, measuring less than two-inches-high, by 13-inches-wide and six-inches-deep. Tripp Lite sent four of its six-foot DVI station cables with mic and stereo audio jacks for testing. Connectors feel rugged enough to withstand the rigors and constant reconfigurations of the data center. Audio connectors include protective covers that remain captive when removed.

We particularly liked the unit's LEDs, which indicate by color (with a separate row of green and amber) not just the selected station, but also the number of connected stations and their status. All connections seat firmly and the DVI connector is made fast with thumb-screws that also can be operated with a flat-head screwdriver.

A tamper-evident label and warning sticker clearly alert would-be attackers that the unit will permanently fail once the case has been opened. The unit's firmware can not be reprogrammed. To make it bullet proof from warehouse to end-user, Tripp Lite might consider shipping the B002-DUA4 in a tamper-evident box, as we've seen with at least one other secure KVM.

At a list price of $920, the single-monitor, digital-only B002-DUA4 is clearly not for every organization. But the CRN Test Center does find a lot to like about Tripp Lite's NIAP-certified USB Secure KVM Switches, and we recommend them for government, military, intelligence, financial, health-care and similarly security-conscious customers.