Hardware

Review: Belkin Universal 2nd Gen Secure KVM Switch Makes Identifying Networks Simple

Color coding on the switch and a remote control keyboard help prevent classified information from jumping networks.

Twitter

John Breeden II is an award-winning reviewer and public speaker with 20 years of experience covering technology.

Keyboard, video and mouse (KVM) switches in the federal government grew from the fact that employees at many agencies needed to access multiple networks with varying levels of security.

A perfect example is the Department of Defense, which operates both the Non-classified Internet Protocol Router Network (NIPRNet) for normal applications and the Secret Internet Protocol Router Network (SIPRNet) for classified activities.

Prior to KVMs, employees needed multiple monitors, computers, keyboards and mice — one for each network. This led to sprawling workspaces and confusion, just to perform routine tasks.

KVMs allow for multiple network connections to run into the switch, so users need only one computer and one set of peripherals for multiple networks. Secure KVMs are certified to ensure that no information, either audio or data, is ever allowed to jump networks.

That has been the format used in government for many years. It works, but could stand for a little improvement. That is Belkin’s goal with its second-generation KVM switches and remote control keyboards.

Security Features Keep Data in Place

Both the Belkin keyboard and KVM comply with the National Information Assurance Partnership (NIAP) Protection Profile 4.0, designed for DOD and other government agencies.

I tested several scenarios in which I tried to bleed data across networks connected by the KVM, and nothing got through. It’s clear that Belkin kept proven security features in place when upgrading its KVM line.

The major improvements are visual, and work toward eliminating human error rather than any flaws in the switch itself. First-generation KVMs generally had LEDs that lit up to tell users what network they were on, but they had to remember that Network 1 was public, Network 2 was classified, and so on. Often, users would color-code their switches with stickers.

Belkin has added those colors to the buttons on the KVM so that, for example, the public network button is illuminated green and the classified one is red. At a glance, it’s easy to tell where a user is working.

DISCOVER: Planned tech upgrades provided happy surprises for federal agencies.

Photo of Belkin Universal 2nd Gen Secure KVM Switch

The backlit keyboard is also illuminated in the color of the network being used, mirroring the buttons on the main KVM. The keyboard can even be used to switch networks, which is helpful if the KVM is in an inconvenient location or locked inside a cabinet for extra security.

The Belkin Universal 2nd Gen Secure KVM and the Belkin KVM Remote Control with Integrated Keyboard is highly secure, and provides the additional benefit of good visual feedback so users always know they are working on an appropriately secured government network.

SPECIFICATIONS (KVM Switch)

Supported Streams: Audio and data
Ports: 4
Maximum Supported Resolution: 3840x2160
Dimensions: 12.5x6.4x3.6 inches
Weight: 4.85 pounds

SPECIFICATIONS (Keyboard)

Interface: USB
Type: Mechanical, quiet keys
Supported Backlight Colors: 4
Cable Length: 6 feet

Secured KVM System Prevents Data Sharing

The visual enhancements offered by Belkin’s second-generation KVM, and especially the KVM remote control with integrated keyboard, are impressive. The new features make it obvious what network users are working on, so there should be no accidental messages or activities occurring at the wrong security classification.

But in government, the main purpose of a KVM is security, so I tested to see how well the second-generation KVMs held up to the rigorous standards set by earlier devices.

It’s worth noting that both devices were certified by NIAP for Common Criteria under Protection Profile 4.0, so I was pretty sure how these tests would turn out — but I decided to try anyway.

One of the first things I did was to set up capture software on two separate computers that recorded everything — data and sound — that happened on them. I then connected those systems to the Belkin KVM and also attached the optional Belkin keyboard. I designated my classified network as red and my public one as green.

The first thing I did was to start typing very rapidly on the red network and then switch over to the green one. Every time I did that, no data came across. It’s clear that Belkin clears the keyboard cache when a network is switched. Early KVMs had a problem with this, but it’s no longer an issue here.

I then loaded up several video and audio feeds on my red network and tried to listen in or grab some data about them from the green network. Again, nothing was detected.

Despite using dedicated snooping software, I couldn’t determine if the red network was active — or if it even existed. In person, I could look and see that it was there, but looking in from the outside, another user would have no clue.

The colored backlighting on both the KVM and the keyboard made it much easier to perform my security testing. I always knew which network I was working with, and regular users doing their government jobs will as well.

It was actually very nice working with these second-generation devices, and good to know that they are just as secure as their storied predecessors.