Section 2 - OverviewUSB eLock Filter User ManualProducts covered by this manualUSB eLock Filter: FF10N-3: USB eLock Configurable Filter, 2-Port FH10N-3: USB eLock HID Filter, 2-PortRev: EDoc No.: HDC10354
Section 2 - OverviewTable of ContentsIntroduction . 3Intended Audience . 3What is an eLock USB Filter?. 3Package Contents . 3Revision. 3Safety Precautions . 4Safety Precautions (French). 5User Guidance & Precautions . 6Main Features . 7Tamper Evident Labels . 8Active Anti-Tampering System . 8Equipment Requirements. 9Product Specifications . 10Before Installation . 11Installation . 12Typical system installation Illustration . 12COPYRIGHT AND LEGAL NOTICE . 13
Section 2 - OverviewIntroductionThank you for purchasing this High Sec Labs (HSL) Secure productdesigned for use in secure defense and intelligence installations.The eLock USB Filter physically mounts and locks down a standardcomputer USB port while providing a secure solution for connectingauthorized USB devices to the protected USB port. The eLockprovides the highest security safeguards and features that meettoday’s IA (information assurance) computing requirements.The product provides the highest security safeguards and featuresthat meet today’s IA (information assurance) computingrequirements as defined in the latest PSS Protection Profile Rev 3.0.This User Manual provides all the details you’ll need to install andoperate your new product.Intended AudienceThis document is intended for the following professionals: System Administrators/IT Managers End UsersWhat is an eLock USB Filter?HSL eLock USB Filter allows protecting computer USB ports fromunauthorized peripheral usage and is suitable for scenarios whereleaving USB ports open makes a computer vulnerable.Package ContentsInside product packaging you will find the following: eLock USB Filter User Guidance DocumentationRevisionA – Initial Release, 24 Feb 2015B – Corrections, 2 April 2015C – Rev change, 12 May 2015E – Updated product behavior, 13 August 2015Important Security Note:If you are aware of potential security vulnerability whileinstalling or operating this product, we encourage you tocontact us immediately in one of the following ways: Web form: http://www.highseclabs.com/support/case/Email: [email protected]: 972-4-9591191 or 972-4-9591192Important: This product is equipped with always-on active antitampering system. Any attempt to open the product enclosurewill activate the anti-tamper triggers and render the unitinoperable and warranty void.
Section 2 - OverviewSafety PrecautionsPlease read the following safety precautions carefully before usingthe product: Before cleaning, disconnect the product from any electrical powersupply. Do not expose the product to excessive humidity or moisture. Do not store or use for extensive period of time in extreme thermalconditions – it may shorten product lifetime. Install the product only on a clean secure surface. If the product is not used for a long period of time, disconnect itfrom electrical power. If any of the following situations occurs, have the product checkedby an HSL qualified service technician:oooooLiquid penetrates the product’s case.The product is exposed to excessive moisture, wateror any other liquid.The product is not working well even after carefullyfollowing the instructions in this user’s manual.The product has been dropped or is physicallydamaged.The product shows obvious signs of breakage orloose internal parts. The product should be stored and used only in temperature andhumidity controlled environments as defined in the product’senvironmental specifications. Never attempt to open the product enclosure. Any attempt to openthe enclosure will permanently damage the product. The product contains a non-replaceable internal battery. Neverattempt to replace the battery or open the enclosure. This product is equipped with always-on active anti-tamperingsystem. Any attempt to open the product enclosure will activate theanti-tamper triggers and render the unit inoperable and warrantyvoid.
Section 2 - OverviewSafety Precautions (French)oVeuillez lire attentivement les précautions de sécurité suivantesavant d’utiliser le produit:ou provoque des court circuits de la prise dusecteur.oUn liquide a pénétré dans le boîtier del’appareil. Assurez-vous de ne pas exposer l’appareil à unehumidité excessive.o L’appareil est exposé à de l’humidité excessiveou à l’eau.Assurez-vous d’installer l’appareil sur une surfacesécurisée propre.o Ne placez pas le cordon d’alimentation DC entravers d’un passage.L’appareil ne fonctionne pas correctementmême après avoir suivi attentivement lesinstructions contenues dans ce guide del’utilisateur. Si l’appareil n’est pas utilisé de longtemps, retirezl’alimentation murale de la prise électrique.oL’appareil est tombé ou est physiquementendommagé. L’appareil devra être rangé uniquement dans desenvironnements à humidité et températurecontrôlées comme défini dans les caractéristiquesenvironnementales du produit.oL’appareil présente des signes évidents depièce interne cassée ou desserréeoL’appareil contient une batterie interne. Labatterie n’est pas remplaçable. N’essayezjamais de remplacer la batterie car toutetentative d’ouvrir le boîtier de l’appareilentraînerait des dommages permanents àl’appareil.oCe produit est équipé d'toujours-sur le systèmeanti-sabotage active. Toute tentative d'ouvrirle boîtier du produit va activer le déclencheuranti-sabotage et de rendre l'unité videinutilisable et garantie. L’alimentation murale utilisée avec cet appareildevra être du modèle fourni par le fabricant ou unéquivalent certifié fourni par le fabricant oufournisseur de service autorisé. Si une des situations suivantes survenait, faitesvérifier l’appareil par un technicien demaintenance qualifié:oEn cas d'alimentation externe - L’alimentationde l’appareil surchauffe, est endommagée,cassée ou dégage de la fumée
Section 2 - OverviewUser Guidance & PrecautionsPlease read the following User Guidance & Precautions carefullybefore using the product:1. As product powers-up it performs a self-test procedure. Incase of self- test failure for any reason, the product will beInoperable. Self-test failure will be indicated by thefollowing LED behavior:a. A specific, predefined LED combination will beturned ON;b. The predefined LED combination will indicate theproblem type (e.g. firmware integrity).Try to power cycle device connected to product. If problempersists please contact your system administrator ortechnical support.2. Product power-up and RFD behavior:a. At power up the product LED behavior will be asdescribed in Operation section.b. RFD is controlled by software shortcut"CTRL, CTRL, F11, R".Notes:1. Keyboard shortcut keys are to be pressedsequentially2. CTRL key refers to LEFT CTRL key.3. Product is equipped with always-on active anti-tamperingsystem. Any attempt to open product enclosure will activatethe anti-tamper system. In this case, product will beinoperable and warranty void. If product enclosure appearsdisrupted, please remove product from service immediatelyand contact technical support.4. Product log access and administrator configuration optionsare described in product Administrator Guide.5. If you are aware of any potential security vulnerability whileinstalling or operating product, please remove product fromservice immediately and contact us in one of the ways listedin this manual.
Section 2 - OverviewMain FeaturesThe HSL eLock USB Filter is an advanced USB protection productwhich incorporates physical and programmed protection ofcomputer USB ports . Below is a summary of the main featuresincorporated into the product.Physical USB Protection The eLock physically mounts and locks on a standard USB port.Force removal of the eLock damages the USB port making itunusable.Note: The physical locking aspects of the product were notevaluated to NIAP or Common-Criteria standards.HID Filter Accepts only USB HID devices (Keyboard and mice Devices) andblocks other HID devices.Hardcoded ASCII keyboard / mice characters.Incapable of processing any code other than HID-ASCII.Highly secure, read-only non-configurable chip.Configurable Filter USB-ID based filter.Accept USB devices based on unique identifiers such as serial,HID, VID, ClassID, and more.For programing features please refer to the eLock setup manual.Secure administrator access & log functionsProduct incorporates secure administrator access and log functionsto provide auditable trail for all product security events.Always-on, active anti-tamper systemActive anti-tampering system prevents malicious insertion ofhardware implant such as wireless key-logger inside productenclosure. Any anti-tampering attempt renders product inoperableand shows clear indications of tampering event to user.Holographic security tamper-evident labels are placed on theenclosure to provide a clear visual indication if product has beenopened or compromised.
Section 2 - OverviewTamper Evident LabelsProduct uses holographic tamper evident labels to provide visualindications in case of an enclosure intrusion attempt. When openingproduct packaging inspect the tampering evident labels.If for any reason one or more tamper-evident label is missing,appears disrupted, or looks different than the example shown here,please call Technical Support and avoid using that product.HSL Tamper Evident LabelActive Anti-Tampering SystemProduct is equipped with always-on active anti-tampering system. Ifmechanical intrusion is detected by this system, the Product will bepermanently disabled and all LEDs will blink continuously.If product indicates "tampered state" (all LEDs blinking) - please callTechnical Support and avoid using that product.
Section 2 - OverviewEquipment RequirementsUSB Mouse console portOperating SystemsThe product console USB mouse port is compatible withstandard USB mice.Product is compatible with devices running on the followingoperating systems: Microsoft Windows Red Hat , Ubuntu and other Linux platforms Mac OS X v10.3 and higher.USB Keyboard console portThe product USB keyboard port is compatible with StandardUSB keyboards.Notes:a. USB keyboard and mouse ports are switchable, i.e. youcan connect keyboard to mouse port and vice versa.However, for optimal operation it is recommended toconnect USB keyboard to console USB keyboard portand USB mouse to console USB mouse port.b. For security reasons products do not support wirelesskeyboards. In any case do not connect wirelesskeyboard to product.c. Non-standard keyboards, such as keyboards withintegrated USB hubs and other USB-integrated devices,may not be fully supported due to security policy. If theyare supported, only classical keyboard (HID) operationwill be functional. It is recommended to use standardUSB keyboards.Notes:a. USB keyboard and mouse ports are switchable, i.e. youcan connect keyboard to mouse port and vice versa.However, for optimal operation it is recommended toconnect USB keyboard to console USB keyboard portand USB mouse to console USB mouse port.b. USB mouse port supports Standard KVM Extendercomposite device having a keyboard/mouse functions.c. For security reasons products do not support wirelessmice. In any case do not connect wireless mouse toproduct.Programming Cable for Configurable FilterUSB Type-A to USB Type-A Programming cable
Section 2 - OverviewProduct SpecificationsEnclosure:Sealed plastic enclosurePower Requirements:NoneNo. of Users Supported:1No. of Computers Supported: 1Computer Keyboard/Mouse ports:Self-locking USB Type APlugIndicators HID Filter:AuthenticationLED(bi-color)Mouse status LED (bi-color)Keyboard status LED (bi-color)Indicators Configurable Filter:AuthenticationLED(bi-color)Upper port device status LED (bicolor)Lower port device status LED (bicolor)Operating Temp:32 to 104 F (0 to 40 C)Storage Temp:-4 to 140 F (-20 to 60 C)Humidity:0-80% RH, non-condensingProduct design life-cycle:10 yearsWarranty:2 years
Section 2 - OverviewBefore InstallationUnpacking the ProductBefore opening the product packaging, inspect the packagingcondition to assure that product was not damaged during delivery.When opening the package, inspect that the product Tamper EvidentLabels are intact.Where to locate the Product?The enclosure of the product is designed for desktop configuration.Product must be located in a secure and well protected environmentto prevent potential attacker access.Consider the following when deciding where to place product:Important:1. If the unit’s enclosure appears disrupted, please removeproduct from service immediately and contact HSLTechnical Support athttp://highseclabs.com/support/case/.2. Do not connect product to computing devices:a. That are TEMPEST computers;b. That include telecommunication equipment;c. That include frame grabber video cardsd. That include special audio processing cards. Product must be visible to the user at all times.The location of the computers in relation to the product andthe length of available cables (typically 1.8 m)Warning: Avoid placing cables near fluorescent lights, airconditioning equipment, RF equipment or machines that createelectrical noise (e.g., vacuum cleaners).
Section 3 - OperationInstallationTypical system installation Illustration1. Connecting the eLock USB Port Filter to a computer Note: Once connected to the computer, eLock cannot beremoved without damaging the USB port.Select the computer USB port that you wish to protect andconnect the eLock male USB connector to it.2. Connecting USB peripherals to the eLock female USB ports Connect your USB peripherals to the eLock female USB ports.Note: When using the Hardcoded HID Filter, only standard USBkeyboard and mouse will be accepted. Other devices will berejected and unrecognized. Note: When using the Configurable Filter, only preconfigureddevices will be accepted and operational. For programmingfeatures please refer to the eLock setup manual.3. LED behavior:Device (USB/KBD) LEDs would mean the following: Not lit Nothing connected/Not detectedSteady Green QualifiedSteady Red RejectedImportant Security Notes:1.Authentication LED: Steady Red FailedSteady Green Successfully authenticated2.If you are aware of potential security vulnerability while installing or operatingthis product, we encourage you to contact us immediately in one of thefollowing ways: Web form: http://www.highseclabs.com/support/case/ Email: [email protected] Tel: 972-4-9591191 or 972-4-95911922. Important: If the unit’s enclosure appears disrupted, please remove product fromservice immediately and contact HSL Technical Support athttp://highseclabs.com/support/case/3. Important: This product is equipped with always-on active anti-tamperingsystem. Any attempt to open the product enclosure will activate the anti-tampertriggers and render the unit inoperable and warranty void.
Legal NoticeCOPYRIGHT AND LEGAL NOTICE 2015 High Sec Labs Ltd. (HSL) All rights reserved.This product and/or associated software are protected by copyright,international treaties and various patents.This manual and the software, firmware and/or hardware describedin it are copyrighted. You may not reproduce, transmit, transcribe,store in a retrieval system, or translate into any language orcomputer language, in any form or by any means, electronic,mechanical, magnetic, optical, chemical, manual, or otherwise, anypart of this publication without express written permission from HSL.HSL SHALL NOT BE LIABLE FOR TECHNICAL OR EDITORIAL ERRORS OROMISSIONS CONTAINED HEREIN; NOR FOR INCIDENTAL ORCONSEQUENTIAL DAMAGES RESULTING FROM THE FURNISHING,PERFORMANCE, OR USE OF THIS MATERIAL.The information contained in this document represents the currentview of HSL on the issues discussed as of the date of publication.Because HSL must respond to changing market conditions, it shouldnot be interpreted to be a commitment on the part of HSL, and HSLcannot guarantee the accuracy of any information presented afterthe date of publication. PRODUCT DESIGN AND SPECIFICATION ISSUBJECT TO CHANGES WITHOUT NOTICEThis Guide is for informational purposes only. HSL MAKES NOWARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.PATENTS AND TRADEMARKSThe products described in this manual are protected by multiplepatents.HSL Product/s and logo are either trademarks or registeredtrademarks of HSL.Products mentioned in this document may be registered trademarksor trademarks of their respective ownersU.S. GOVERNMENT RESTRICTED RIGHTSThe Software and documentation are provided with RESTRICTEDRIGHTS.You agree to comply with all applicable international and nationallaws that apply to the Software, including the U.S. ExportAdministration Regulations, as well as end-user, end-use and countrydestination restrictions issued by U.S. and other governments.The information and specifications in this document are subject tochange without prior notice.Images are for demonstration purposes only.
USB Keyboard console port The product USB keyboard port is compatible with Standard USB keyboards. Notes: a. USB keyboard and mouse ports are switchable, i.e. you can connect keyboard to mouse port and vice versa. However, for optimal operation it is recommended to connect USB keyboard to console USB keyboard port and USB mouse to console USB .