In September, police arrested criminals for plotting to steal millions of dollars from the United Kingdom's Barclays Bank and Santander Bank -- two separate incidents but both involving foul play with technology. In both cases, the criminals were planning to use the banks' KVM (keyboard video mouse) switches which allowed the hackers to record staff key presses and screen activity, helping them to steal password information so they could transfer money into other accounts.
Indeed, one of the least understood and most under-utilized preventative measures for thwarting cyber attacks is the use of KVM switching devices that allow employees to securely switch between networks with various security levels from one desktop location. Cyber attacks can unknowingly arise from within a financial institution as rigorously as those originating from outside sources.
Vulnerable to AttackWhile many bank IT administrators have started deploying KVMs to deal with the inefficiencies of non-switched secured desktops, not all perform to the highest standards possible for eliminating security threats.
Products run the gamut from simple desktop boxes to highly sophisticated and automated devices, and many current KVM switches have known deficiencies, making them vulnerable to malicious use. Most of these deficiencies are related to weaknesses in maintaining data path integrity.
Some existing deficiencies and vulnerabilities of certain KVM solutions currently in the market include:
- USB peripheral vulnerabilities: While all USB ports feature high speed, bidirectional flow of data, this benefit is also a potential threat, since the data is shared along the entire USB bus. This creates the potential for maliciously altered peripherals gaining control, intercepting, and/or accessing resources beyond the PC itself and into any computer network that the PC is attached to. In addition, the USB bus architecture does not completely isolate individual USB ports, creating the potential for data leakage in a secure environment.
- Video vulnerabilities: LCD monitors store and communicate display parameter data in the standard EDID signal, which could be exploited. EDID can be used to leak data from a secure network to an unsecured network by using the monitor display memory as a vehicle to transport data when being used with a KVM system.
- Microphone vulnerabilities: Microphones are susceptible to sniffing, capture, and re-direction. The AC'97 codec input used for audio in desktop PCs is a part of the signal processor that could be intercepted by sniffer software, capturing any conversation used over the input channel.
- Memory buffer leaks: Some KVM switches use buffering onboard, and have the potential to inadvertently leak data from channel to channel as they use the same switching processor for multiple ports. A keyboard buffer can be an area of vulnerability to transferring information from one port to another.
- Inadequate CAC implementation: Many KVM systems do not support CAC or have limited support of CAC readers. However, even those that provide CAC-reader support do not fully isolate the CAC reader from other peripherals. By not isolating the CAC port, the keyboard and mouse are vulnerable to attacks.
- Poor casing and design: Most KVM switches are designed and manufactured in foreign countries. Domestic vendors with proven security measures in place are designing and manufacturing the devices, but the internal and external components of the switch may be vulnerable to tampering if the sources are not trusted.
Boosting Security: Best PracticesIn light of these types of threats, new technologies are evolving that address the concern for desktop security, such as truly secure KVM switch solutions. Using these new technologies is among the most effective best practices that bank IT administrators can implement to improve desktop security, protect customers' confidential information, and reduce the risk of losing millions of dollars to cyber attacks.
Additionally, the National Information Assurance Partnership (NIAP) within the National Security Agency has identified a number of potential issues in testing KVM switching devices that could cause significant security problems. Based on these issues, there are several best practices that IT administrators can employ to help improve the security and reduce vulnerabilities in computing systems used by banks. These solutions are directly related to most of the deficiencies in many current KVM switching devices when handling USB, video, audio, and memory buffering:
- Avoid non-secure KVM switches: Non-secure KVM switches should be used only in situations where users have access to virtually no sensitive data and are on isolated networks with no chance of connecting to other secure systems.
- Understand system features: Any purchaser of KVM switching technology should thoroughly investigate and vet the capabilities and features of these systems before trusting them within multi-security-level environments. One thing to ensure is that a connection, via the KVM, does not allow information transfer between computers.
- Isolate data: To achieve true data path isolation, a KVM switch must be purposefully engineered to completely isolate each data path connection in the switch. The most effective means to mitigate any data leakage from the PC to and from the network is to ensure that all data coming into and out of the KVM switch is completely isolated whenever the operator switches from one secure network to the next. The KVM must also prevent residual data transferred between peripheral port groups with different IDs, and connection should not be accessible by any other peripheral group with a different group ID.
- Monitor USB ports: Only authorized devices should ever be allowed to connect to a secure computer's USB port, particularly flash drives or external hard drives that could be used to introduce viruses or download restricted data. Users should not be allowed to connect unauthorized USB devices to the peripheral switch.
- Protect video vulnerabilities: To guarantee the safe switching of video displays, rather than rely on the PC's built-in plug-and-play interface, which introduces inherent vulnerabilities, the KVM switch itself should handle the video data path through isolated emulators. Since EDID can be used to leak data from a secure network to an unsecured network, KVM devices must prevent the reading or writing of display memory with a protected display interface to stop leakages.
- Avoid microphones: While the use of microphone input may be convenient in some applications, it introduces too many opportunities for malicious hacking or voice capture and should be avoided for security reasons.
- Avoid data buffering: The KVM must provide single, unbuffered, dedicated processors for each KVM switch port. No buffering of data should be allowed anywhere on the data path or within the KVM switch. When an operator switches to another network/port, the port must be completely closed before the new port is opened. Any other method can leak data.
- Isolate the CAC reader: Isolating the CAC port helps to keep the keyboard and mouse from becoming vulnerable to attacks. Also, the KVM must have a port that only detects and supports CAC readers—no other device should ever be allowed to connect to this isolated port.
- Examine casing and design: Because the KVM is responsible for safeguarding many channels of data, it is important that the external housing of the switch is tamper-proof and cannot be opened and modified at any time. Similarly, the internal components of the switch must be constructed to prevent tampering.
- Design and manufacturing: IT purchasers should ensure that only trusted, domestic vendors with proven security measures in place are designing and manufacturing the devices they will be using. Any switch that is not secure from the design stage through delivery can put data systems at risk. End-to-end, tamper-proof design and delivery is essential.
As recent events have shown, cyber threats are on the rise for financial institutions, with critical bank data and computer systems serving as prime targets for cyber criminals. With this in mind, bank IT administrators and purchasers of KVM equipment need to carefully weigh all the security and functional features of these devices to make certain the units provide the safest, most secure functionality to prevent any possible compromise of financial assets. Using a secure KVM switch solution that is NIAP-listed and approved to the latest KVM testing standard -- and that offers true data path isolation -- can help protect the institution's customers and investments from cyberattacks.
About The Author: Luis Artiz is Director of Product Management at Belkin International, leading the global Business Products division. His division is responsible for Belkin's Government, Education, Corporate Desktop, and Infrastructure product strategy, design, engineering, and development.