Network segmentation
A network is composed of various types of devices including computers, servers, IP KVM transmitter and receiver devices, among others. Each device has a different function, and transmits or processes information at different classification levels. The network infrastructure binds all these devices or nodes together—if one node gets infected, the attack could easily spread to the whole network.
Segmentation divides the network by function—where each function has a different security requirement. Segmentation by function prevents an attacker from freely moving through the network and further spreading the attack. Networks can be logically segmented by function or traffic type through the creation of virtual LANs (VLANs) and firewalls—for example, the KVM traffic could be on a separate VLAN from the data traffic. Tighter security control is achieved by physically segregating the networks and having a completely separate infrastructure for each function. This means having a separate set of servers, switches, and routers for the KVM network.
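As an added example (not from the original article), the rule set below shows the firewall side of that design on a Linux router that joins the two VLANs, written in nftables syntax: the weak "forward everything" rule is left commented out beside the corrected policy that keeps KVM and data traffic apart and never lets the KVM VLAN reach the upstream link. The interface names eth0.10 (data VLAN 10), eth0.20 (KVM VLAN 20) and eth1 (upstream) are assumptions.

```nft
# Added example, not from the original article. Assumed interfaces:
#   eth0.10 = data VLAN 10, eth0.20 = KVM VLAN 20, eth1 = upstream link.
# Same-VLAN traffic is switched at layer 2 and never reaches this chain;
# only traffic crossing between functions is decided here.
table inet segmentation {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Weak setting: one blanket accept turns the VLANs into labels only,
        # so an infected data-VLAN host can still reach every KVM device.
        # iifname { "eth0.10", "eth0.20" } accept

        # Corrected policy. Drop malformed state first, then allow only the
        # return half of connections that an explicit rule below permitted.
        ct state invalid drop
        ct state established,related accept

        # No path in either direction between the data and KVM functions.
        iifname "eth0.10" oifname "eth0.20" drop
        iifname "eth0.20" oifname "eth0.10" drop

        # The data VLAN may use the upstream link; the KVM VLAN has no rule
        # toward eth1 at all, so the chain policy keeps it isolated.
        iifname "eth0.10" oifname "eth1" accept

        # Anything unmatched is dropped by the chain policy; log it so a
        # host probing across segments shows up in the firewall log.
        log prefix "seg-drop: " drop
    }
}
```

Load it with `nft -f` and watch for `seg-drop:` entries, which indicate traffic attempting to cross between the KVM and data functions.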
In critical environments—such as military, financial, energy, and utilities markets—air-gapped networks are a common practice, where the KVM network is not connected to the public internet or unsecured LANs. Using fiber optic cables to route the networks also brings in another layer of security. Fiber optic cables are more difficult to snoop than CAT5, and support longer distances, thereby minimizing junctions and potential attack points.