3 WelcomeIntroductionThe AdderView Secure range of products are highly robust KVM switches forcritical applications. When information absolutely must not be leaked betweensystems or networks, the AdderView Secure units combine the necessaryisolation with a desirable ease of use.AdderView Secure units combine a number of overlapping strategies that aredesigned and proven to defeat potential points of infiltration or protect againstuser error.Firstly, all channel switching is controlled only from the front panel buttons. Nokeyboard or mouse switching commands are permitted.Secondly, Data Diodes, implemented within hardwired electronic circuitry, ratherthan software, are liberally employed to ensure that critical data paths can flowonly in one direction. These data diodes ensure that a compromised peripheral, akeyboard for instance, cannot read information back from a connected system inorder to transfer such details to another system. Whenever a channel is changed,the connected keyboard and mouse are always powered down and re-initializedto provide yet another level of protection against hidden peripheral malware.In general, the role of software within the unit has been reduced to an absoluteminimum to avoid the possibility of subversive reprogramming. Additionally, allflash memory has been banished from all security critical areas of the design, tobe replaced by one-time programmable storage which cannot be altered.The outer casing contains extensive shielding to considerably reduce electromagneticemissions. Additionally, the casing has been designed with as few apertures aspossible to reduce the possibility of external probing and several primary chassisscrews are concealed by tamper-evident seals to indicate any unauthorizedinternal access. Shielding extends also to the internal circuitry with strong levelsof electrical crosstalk isolation between ports to protect against signals from onecomputer becoming detectable on another.AdderView Secure units are available in two port and four port sizes. Each sizecan be ordered in standard and enhanced versions. The enhanced versions allowyou to attach a smart card reader that can be securely shared between theconnected systems. The enhanced versions also contain anti-subversion andauthentication features that guard against intrusion and allow you to provethat the unit is genuine, respectively.These are just a few of the many strategies and innovations that have beencombined to reinforce the separation between differing systems. Numerousother defences lie in wait to defeat any potential threat.Various strategies are employed to ensure completeseparation between the switched channels:• One-way Data Diodes are used onkeyboard and mouse communicationchannels so that data isolation doesnot rely on software.• The keyboard and mouse are powereddown and re-initialized during everychannel switch to ensure that theycannot act as transport media formalicious data between computers.• Careful shielding and separationstrategies are used to ensure that datadoesn’t crosstalk between channels orleak to the outside world via radiatedor conducted mechanisms.PC 2 PC 3 PC 4PC 1Hard wired One-way Data Diodesenforce a one-wayflow on informationIndividually coloredindicators provide clearvisual feedback about thecurrently selected channelChannel switchingis by physicalbutton press only,no keyboard ormouse codes arepermittedCommon keyboard, mouse and videomonitor are able to access multiplehigh security computers/networks,safe in the knowledge that datawill not be transferred from oneto another, either by user error orsubversive attack.The switching section is hardwired to allow only one channelto be selected at any time.