7X24 MAGAZINE FALL 2015
If we’ve learned anything from OPM, Target, Sony, JP Morgan Chase, eBay or any of the countless other high-profile, high-cost cyberattacks of the past two years, it’s this: there are vulnerabilities everywhere. Hackers can pillage companies or agencies through anything connected to the network … and today, everything is connected to the network.
We live in the era of the Internet of Things. Hyper-connectivity isn’t just possible, it’s swinging the pendulum between success and failure for multi-billion dollar businesses. Device-to-device communication streamlines everything we do, and visibility and management of these connected systems enable increased productivity and efficiency. But there’s a catch: every one of those connections creates a potential vulnerability, and there are plenty of smart people with bad intentions trying to exploit them. Simply put, everything from the heart of the data center to any desktop, laptop, keyboard or mouse connected to the network is a potential risk.

Do I have your attention?
The Evolution of Network Security
Even some of today’s best Intrusion Detection Systems aren’t enough to stop all of today’s advanced persistent threats, which are designed to burrow into the network from virtually anywhere and siphon data over time undetected. It’s critical to identify and secure access points to avoid, mitigate or manage data breaches.

That task includes often-overlooked computing peripherals. These are devices that by their nature are difficult to secure, because so many people have access to them. Keyboards, video monitors, even the mouse—anything that could be connected to a KM or KVM switch—falls under this umbrella. These are the devices the National Information Assurance Partnership (NIAP) sought to secure with the release earlier this year of the Protection Profile for Peripheral Sharing Switch version 3.0 (PP 3.0).
The previous protection profile dealt with the pre-2000 security landscape, but cybersecurity must evolve as threats become more advanced. PP 3.0 includes security enhancements for modern peripheral switching technologies and standards designed to (1) defend against these evolving threats, and (2) provide assurance that the switch will not propagate attacks if they occur. These standards require the following:

• Higher isolation between computer ports from digital and analog leakages.
• Optical data diodes to enforce unidirectional data flows.
• Much stronger protection for USB ports.
• Complete isolation of power domains to prevent signaling attacks.
• Analog audio diodes to prevent audio eavesdropping (TEMPEST levels).
• Emulation of display EDID, keyboard and mouse to avoid direct contact between computers and shared peripherals.
by Michael Parvin