Raritan intros smart card-reading KVM switch system
The days of casually interfacing with uber-secure servers without undue amounts of red tape holding you back could be coming to an end, especially if you work at a government or financial institution that has a contract with Raritan. The latest paranoia-curing gizmo to escape its labs is the Paragon II KVM Smart Card Reader solution for a KVM switch, which supports the US Federal HSPD-12 standard and aims to "enhance an organization's security approach" by requiring smart cards to be inserted before access is granted to machines via KVM. More specifically, the all-in-one solution "does not store or cache card data, requires re-authentication when changing targets, and allows access of servers by only one user at a time." So much for snoopin' on your lunch break, eh?

Reader Comments (Page 1 of 1)
fsckus @ Aug 16th 2007 9:49AM
So tell me: what's to keep our hypothetical hacker from just unplugging the cables at the back of the KVM and connecting a screen and keyboard directly? This isn't a substitute for having good physical security. If someone can get to your machine, they can get in.
Juke Box Hero @ Aug 16th 2007 10:34AM
This unit is just a remote KVM head unit (looks to be IP based) with a backend unit that actually connects to the machine. So the video from the machine that you receive is actually coming over the network port. The machine you are accessing could actually be anywhere in the world, probably locked away in a secure room. Think of it like a thin client that you would use to terminal service into a machine. We use a similar system at work so that we don't have to constantly badge into our server room to admin a box...but a little card reader to secure our access head units would be cool...
engadget.com @ Aug 16th 2007 11:15AM
The Raritans (I used them when I worked at my previous job for a large gov entity) are IP based. All of the servers are connected to a master Raritan switch, which then connects to the Raritan consoles on users' desks via your IP network. It would take getting to the server to do what you described, which would not be easy. Additionally, based on HSPD12, the card reader passes your credentials to the server, the server authenticates the user. What this particular device allows is the ability to be able to use the common access cards remotely rather than having to sit in front of the machine.
Bushrod @ Aug 16th 2007 11:54AM
Ah, now I get it. CAC authentication to servers works fine with ActivClient and Win 2K3 servers over RDP. This will get you CAC on the console. Maybe HP will build this into their iLO boards in the future.
tk @ Aug 16th 2007 9:59PM
There are a lot of solutions that could/do help prevent terrorism (I'm not sure how this device really plays a role in that, btw); that doesn't automatically make them GOOD solutions, or solutions that are worthy of implementing. Let's not let emotion blind reason. Maybe you just don't get it.