Secure KVM
Secure KVM
While this does not apply to your situation, I found this short article interesting in that it points out how vulnerable KVM switches are. I had no idea. Perhaps you will find it interesting too. https://blog.tripplite.com/isolate-and- ... m-switches
Re: Secure KVM
Interesting article, or ad I should say.
My KVM does have push-buttons, but I can also change using a specific sequence on my keyboard.
I really don't see how someone can use access to a KVM to gain access to something they shouldn't.
Because the device or computer they are trying to get into would already need a password and probably has a firewall as well.
All they do is connect my keyboard, mouse, and monitor to the computer I wish to use.
It is hard-wired, except for currently I have a wireless mouse using the floating USB port.
Don't know how secure that mouse dongle is though.
My KVM does have push-buttons, but I can also change using a specific sequence on my keyboard.
I really don't see how someone can use access to a KVM to gain access to something they shouldn't.
Because the device or computer they are trying to get into would already need a password and probably has a firewall as well.
All they do is connect my keyboard, mouse, and monitor to the computer I wish to use.
It is hard-wired, except for currently I have a wireless mouse using the floating USB port.
Don't know how secure that mouse dongle is though.
Re: Secure KVM
Anything that radiates energy, such as a wireless mouse, is intrinsically not secure. I don't know enough about KVM's to speculate how or why they become vulnerable to intrusion, but the guys running the ad sell a lot of them. Somebody out there thinks it's worth it. Breaking into a system via KVM is equivalent to bypassing all the security. You supply the login credentials as a legitimate operator. The bad guy just rides on your back and picks off whatever information he wants, such as all your passwords. From there intrusion is easy peasy.
Re: Secure KVM
Well, you know I've never used anything wireless on my computer until recently.
That's because I could pick up what keys were pressed on my ham gear and work out the tone to the pressed keys.
A little computer program can even do that easily.
But I don't think there is any what of breaking into a hard-wired KVM. It doesn't store any information. It's just a switch.
Maybe the newer KVMs work differently?
That's because I could pick up what keys were pressed on my ham gear and work out the tone to the pressed keys.
A little computer program can even do that easily.
But I don't think there is any what of breaking into a hard-wired KVM. It doesn't store any information. It's just a switch.
Maybe the newer KVMs work differently?
Re: Secure KVM
One of the things pointed out in the article is the "in house" bad actor:
Apparently some switches have memory and can connect to external drives. I don't know if that is a modern invention or not, but it's all said to be vulnerable with KVM's. Since you work alone in seclusion, I don't think you have a problem. I just thought you might find the article interesting in that even something as innocuous as a KVM swich can be exploited.A KVM switch that is not secure provides an open door for in-house users to:
Access/remove restricted internal information
Introduce malware network-wide
Physically breach the device hardware
Re: Secure KVM
Maybe the newer KVMs work differently than the one I have?
Just because I can hop between four of my computers using it, doesn't mean if someone else sat down at my desk, they would have access to my data. Not without knowing the passwords to my computers and some folders I have password protected.
Because my office is in my garage, and not in my house, I have all of my computers require a log-in after they go to sleep.
On most of the ones I use daily, they go to sleep in 1/2 hour, the ones I only use occasionally go to sleep in 10 to 15 minutes.
Which is sometimes a nuisance to me, hi hi.
I think the difference between my KVM, and the newer ones, might be like the difference of a Light Switch, vs a Smart Switch?
Just because I can hop between four of my computers using it, doesn't mean if someone else sat down at my desk, they would have access to my data. Not without knowing the passwords to my computers and some folders I have password protected.
Because my office is in my garage, and not in my house, I have all of my computers require a log-in after they go to sleep.
On most of the ones I use daily, they go to sleep in 1/2 hour, the ones I only use occasionally go to sleep in 10 to 15 minutes.
Which is sometimes a nuisance to me, hi hi.
I think the difference between my KVM, and the newer ones, might be like the difference of a Light Switch, vs a Smart Switch?
Re: Secure KVM
The original KVM's were all mechanical, no doubt. It was very simple and straight forward back then. Now the world of computing and data warehousing demand remote access over distances exceeding that which you have in your office. Those transmission lines are vulnerable and some memory might be required to get the routing right. The above article addresses issues that would not necessarily involve remote switching. As you suggest, anybody can sit down at your computer and start flipping switches. In your case that is unlikely to happen, but in an office environment there are a lot of familiar faces with curious minds. Passwords alone might not be effective among peers. I think the main point of the article is to reduce the likelihood of internal sabotage. It's just an aspect of security that hasn't been given much thought to.
Re: Secure KVM
Many decades ago, when I worked at McDonnell-Douglas, they KNEW where we were in any building at any given moment.
We had to scan our badge to go through any door, if that door would let you through that is.
I was given Black Dot security clearance in order to work in the NASA division, even so, there were still many doors I could not enter, even with a black dot, because I was not authorized for those areas.
Now in today's computer age, I don't doubt they can track you even better, and let you know if you are heading in a non-approved direction, hi hi.
Even back when we had the Lisa System, long before security was a main concern, the only thing an employee could do at any of the terminals, was fill out the form presented to them on the screen.
And later, with the WANG system, they could back out of the main screen to play a game or do other things, but only if those things were allowed on that particular terminal.
But I suppose the Internet changed a lot of things, and all those back doors suddenly became available worldwide, hi hi.
We had to scan our badge to go through any door, if that door would let you through that is.
I was given Black Dot security clearance in order to work in the NASA division, even so, there were still many doors I could not enter, even with a black dot, because I was not authorized for those areas.
Now in today's computer age, I don't doubt they can track you even better, and let you know if you are heading in a non-approved direction, hi hi.
Even back when we had the Lisa System, long before security was a main concern, the only thing an employee could do at any of the terminals, was fill out the form presented to them on the screen.
And later, with the WANG system, they could back out of the main screen to play a game or do other things, but only if those things were allowed on that particular terminal.
But I suppose the Internet changed a lot of things, and all those back doors suddenly became available worldwide, hi hi.
Re: Secure KVM
Computers and networks never were bulletproof. I doubt they ever can be, although I am hearing rumors of a quantum Internet that would solve all the security problems. Back when Lisa was a popular computer the opportunities to breach a network or individual workstation were limited. You could actually count them because there weren't that many machines out in the wild. In 2021 the opportunities for entry into forbidden areas have increased beyond imagination. Everything from your bedroom lights to the radio in your car to the phone you carry in your pocket is connected, and somebody already has the key to get into your private system. The problem there is that the Internet of Things has been ignored from a security point of view. Why protect something like a KVM switch? The answer is that your switch doesn't need to be protected, but there are thousands and maybe millions of them in places that should be highly secure. It doesn't matter if some guy in China is listening in on your Echo network, but if that guy is with the military and connected to a Pentagon network via a KVM switch, THAT might matter.
Re: Secure KVM
I'm sure all of these LoT devices out there has opened a whole Pandora's box of way to get into the main stream Internet feeds.
And now with higher speed fiber optics, and with everything encrypted, I don't see how they can stop the hackers at all.
I didn't think it was a good idea to encrypt the html services, because it seems to me, it makes it nearly impossible to pick out the harmful transmissions from the legal and good transmissions. Nobody knows what is being transmitted where! Or what purpose the transmission serves!
And now with higher speed fiber optics, and with everything encrypted, I don't see how they can stop the hackers at all.
I didn't think it was a good idea to encrypt the html services, because it seems to me, it makes it nearly impossible to pick out the harmful transmissions from the legal and good transmissions. Nobody knows what is being transmitted where! Or what purpose the transmission serves!
Re: Secure KVM
The encrypted Internet targets one specific kind of breach called "a man in the middle" attack. That is a situation where somebody intercepts your stream of data, reads and/or stores it, and then sends it on it's merry way. If it's encrypted there are known ways to decode it, but not everyone has the equipment. The man in the middle isn't there anymore. He moved to the end of the transmission, or beginning, before the data is encrypted or after it has been decrypted. What you hear regarding end-to-end encryption has to be taken with a grain of salt. The end points are the ISP's who then forward the data stream to you. If the bad guy works for the ISP, then your encryption is useless. There are methods that get around that problem too but they involve both the sender and receiver having the same encryption software installed on their computing devices. This software is readily available but few people use it. The public networks are more vulnerable than private ones, but you can bet your bottom dollar that government security folks have their fingers into all those internet switches out there looking for specific checksums and key phrases. I don't know for sure, but I have a feeling they are not slowed down by any normal encryption scheme used by the Internet.
Re: Secure KVM
Many years ago, we had a program that turned your e-mail into garbage. Before the word encryption came out, hi hi.
You typed a sentence into a randomizer, and it would use that sentence to encode your message.
You sent your friend the same sentence, or if you used a book you both had, you told him which page, paragraph, and sentence to use. He had to have the same program as you did for it to work. It was a short lived, but phun little toy program.
And as I think about it, I'm pretty sure I mentioned this once before.
As far as Big Brother goes, I'm sure NOTHING gets past them, hi hi.
You typed a sentence into a randomizer, and it would use that sentence to encode your message.
You sent your friend the same sentence, or if you used a book you both had, you told him which page, paragraph, and sentence to use. He had to have the same program as you did for it to work. It was a short lived, but phun little toy program.
And as I think about it, I'm pretty sure I mentioned this once before.
As far as Big Brother goes, I'm sure NOTHING gets past them, hi hi.
Re: Secure KVM
You must have read the advice to NOT CLICK on anything you get in the mail, and be very very cautious of what you click on when you go to a website you have not visited before. That is the SOP in today's world on the Internet. So the hackers got clever and started to embed executable code into images of all sorts. Thus all you had to do was download the image and pow. You got infected. Well there are browsers and mail clients that give you the option to block all images and take care of that problem. Unfortunately the hackers are getting very clever and developing new ways to take over your computing devices without you knowing it happened. I just read about a method that infects your iPhone (but can be deployed elsewhere) without any action on your part. The only event is you receive a text message with an emoticon in it. If you receive the message, you are infected via the bogus emoticon. They found a way to spoof .pdf (read that to mean executable) files as .gif emoticons. As the OS parses the emoticon to display it the hack exploits the flaws in the system and executes the code embedded in the hidden .pdf file. Most people who get a message like that from an unknown source would simply trash it and be done. But it's too late. The attack occurs before you even get to see it and with no action on your part being required.
The above is software being sold by an Israeli company in the open market wherever it's not banned. The intent of the software is to take over the phone and enable the camera and microphone without giving any clues it is doing so. The software can also copy any files that might be stored on the phone, be they text, video, or audio. There is no way to stop it from infecting your phone because by the time you detect it the dirty work has been completed. It turns out Israel isn't the only country on earth selling this kind of exploit, but they did invent it and have used it frequently.
The above is software being sold by an Israeli company in the open market wherever it's not banned. The intent of the software is to take over the phone and enable the camera and microphone without giving any clues it is doing so. The software can also copy any files that might be stored on the phone, be they text, video, or audio. There is no way to stop it from infecting your phone because by the time you detect it the dirty work has been completed. It turns out Israel isn't the only country on earth selling this kind of exploit, but they did invent it and have used it frequently.
Re: Secure KVM
I hear ya Yogi - LOTS of bad people out there!
One lady got caught using the signature line in her e-mails to run a malware bot.
It didn't mess up your computer, but it did pull things from it and send it to her.
Which is how she was caught, hi hi.
I carry my little flip-fone in my back pocket, the camera is inside when closed, hi hi.
Now the frau, she has one of those Schmartz-Fonz, and no telling what all she does with it.
One lady got caught using the signature line in her e-mails to run a malware bot.
It didn't mess up your computer, but it did pull things from it and send it to her.
Which is how she was caught, hi hi.
I carry my little flip-fone in my back pocket, the camera is inside when closed, hi hi.
Now the frau, she has one of those Schmartz-Fonz, and no telling what all she does with it.