Head of Production Management
TRUE KVM: Making keyboard video mouse systems secure by design
The objective for the previous Part 1 was to provide an introduction what we mean by relying on a Secure Core architecture for a TRUE KVM system by introducing 7 hypothesis for evaluating solutions.
- Technically, KVM systems can be separated into two technical solutions which are very close to each other in terms of system performance.
- Commercially, open standard solutions typically offer lower cost of acquisition (larger markets provide better economies of scale).
a. Lower capex for IP based systems.
b. Difficult to assess, hidden operating cost during system lifetime.
c. Some customers don´t take this total cost of ownership (TCO) into account.
- KVM systems support a wide variety of applications with varying needs of security.
a. Public safety and military applications.
b. This is now expanded to include what is coined critical infrastructures (public safety, military, power and water supply, core telecommunication infrastructures).
c. Mission critical commercial process control in nearly any industry vertical.
d. Non mission critical commercial and governmental applications (office infrastructures with limited real-time needs).
- Increasing number of cyber-attacks within connected IP networks (aka the Internet), generally increase the risk of wide area and large-scale network outages.
- Most cyber-attacks exploit technical and human or process vulnerabilities and are, as such, difficult to defend against.
- Increasing number of intelligent devices with automatic machine communication (IoT, IIoT, M2M communication, autonomous driving, etc.) increases traffic volume and mixes physical and logical network infrastructure thus increasing the overall risk of being a victim of a successful attack.
- The discussion about technology selection is more driven by the needs of suppliers not the needs of users and customers.
In Part 1, we addressed the first one and in this Part 2, we are going to continue to evaluate the next 2 hypothesis relevant for a secure operation of KVM systems.
Addressing Hypothesis 2
Cost is a key factor in any purchasing decision. Installing a KVM system requires connecting the target servers or PCs to the KVM switch as well as connecting the switch to the user stations. A dedicated KVM network burdens the system with the entire cost of this network. It is a compelling proposal to share this cabling infrastructure with other use cases. This mixed application would significantly lower the investment for the KVM system. As mentioned before, it would increase the complexity in network planning and configuration to avoid dropped mission critical packets due to unpredictable network usage by a large user group outside the KVM system.
To truly avoid this, a clear separation of the two networks is required. In this case, the cost based selection is down to the CAPEX of the actual KVM components (KVM Switch and endpoint connections) and the maintenance of the system. In a dedicated system, the KVM system manufacturer is responsible for ensuring and testing compliance whenever software functionality upgrades or updates are installed. In case the end user customer wishes to exploit volume discounts from a preferred IP switch vendor, compatibility testing lies with the end user customer. Cisco´s Nexus 4001I switch for example received 8 upgrades/updates in the last 5 years. That equates to 1.6 compliance tests for the KVM system per year to maintain an up to date infrastructure which otherwise might become vulnerable to cyber-attacks or to ensure that previous configurations still achieve satisfactory results in high load situations.
Locking the IP switch brand to the one recommended by the KVM manufacturer eliminates the cost advantage of volume IP gear discounts. In order to properly compare the cost of different KVM systems, it is strongly advised to assess the required CAPEX at time of purchase and to look into the estimated annual cost of operations (OPEX) and calculate the total cost of ownership (TCO) for a typical period of seven to ten years operation for a KVM system.
Addressing Hypothesis 3
Security: assess your hierarchy of needs.
As mentioned before, the growing number of cyber-attacks has changed the classification of what is important in a country or local area of responsibility. The emergence of critical infrastructures clearly is not only driving public awareness for the requirement to guard security of the control centers managing this infrastructure but has also increased the sensitivity of the public to pay attention and to raise the expectation for efforts undertaken to protect the well-being of the public.
Critical infrastructures are those essential to maintain an orderly conduct of the public. While previously, this applied to physical security ensured by public safety organizations and eventually the military, it is now also applied to those networks that are essential for the functioning of our society. As a result, electrical energy production and distribution are now considered critical. The same applies to the distribution of clean drinking water which is also dependent on the availability of electrical power to run pumps.
As we begin to realize how interdependent our world is, including transportation and traffic management, the definition of critical infrastructures makes total sense. From a commercial perspective, a chemical company may not be considered critical, however a catastrophic control failure may lead to hazardous emissions. And even when your business does not pose hazardous threats, a number of processes are most likely vital for success and survival of the company. As such, they are mission critical for anyone installing a KVM system to control the production or distribution processes.
Once the risk class is understood, technical precautions have to be selected and implemented accordingly. Can the network be shared with non-critical applications. How can these applications be clearly separated and secured in terms of infrastructure components, operating systems, protocol stacks, payload encryption or control data encryption. IP systems rely on physical network connectivity and enable a logical separation of different classes of services. To ensure a secure environment, all applications need to be understood, properly configured and never compromised by shortcuts (e.g.: the USB stick brought from home, adding a not approved/configured switch to extend capacity “for a short test”, etc.). These temptations have to be anticipated and need to be taken care of technically as well as making users aware of potential risks.
Another solution is of course to select a dedicated, line switched system that does not offer such vulnerabilities.
If you would like to discuss TRUE KVM with me in more detail, please leave a comment, send me a message or contact our technical support or sales teams at an IHSE office near you. We are here to help you get the most out of your KVM system.