targus
Hyper
For business
Unbox the joy of savings with 25% off our entire site this holiday season
use code: HOLIDAY25

The Simple Extra Security Features of Targus Universal Docking Stations

November 03, 22 - Posted in: 2022, Tech Talk by Kevin Quinn, Thee DocKtor
The Simple Extra Security Features of Targus Universal Docking Stations

A Little Piece of Mind

Occasionally, a Targus Universal Docking Station customer will inquire about the security of the data link (video, Ethernet, and USB) between the host and the dock. By no means shall the following be considered as best practices for end-point security. A Targus Universal Docking Station is not to be used in lieu of a comprehensive security implementation. The following is documented only to explain why using a Targus Universal Docking Station may enhance a given security implementation.

Driver Security

The Targus versions of the DisplayLink driver are pre-scanned for malware and are signed to prevent misrepresentation or spoofing of the driver. The driver signature also allows flagging if the package has been modified before installing. It is also encrypted to prevent reading or modifying it.

Connection Security

Upon connection, a secure channel between the DisplayLink host client driver and the DisplayLink part in a Targus Universal Docking Station is established. This secure connection is established using ever evolving industry standard security key exchange practices.

Video Security

The video data travels over the secure USB connection after being encoded by the proprietary DisplayLink adaptive compression algorithm. Because this algorithm is both proprietary and adaptive, some may consider it slightly more secure than standard compression methodologies. For additional video security, HDCP can be enabled end-to-end.

Ethernet Security

For Ethernet, the dock port is an NIC device, and the security is done between the laptop and the server using HTTPS/TLS for instance. The DisplayLink driver does not know what is in the Ethernet data on the link. There is no packet inspection or compression completed by the DisplayLink Ethernet driver. Therefore, the dock would not see unencrypted packets. It only enables packets to pass through the secure USB link. Therefore, the dock would not see unencrypted packets.

Also, since the Ethernet connection is over USB, therefore only to a single USB Host (in the client), some may consider it a bit more secure than Ethernet topologies where it is possible to send/receive with several endpoints.

USB Host Security 

USB host ports have a lower attack plane than Thunderbolt host ports.  And while both ports have cyber security issues, those on USB are easier to mitigate.  ForIn example, using a USB Rubber Ducky masquerading as a HID device can enable key injection, but this is not as big of an issue as higher level attacks like DMA attack, see ThunderClap, that can be made via a  Thunderbolt link.  (Targus/Hyper also has Thunderbolt docks). 

Does Thee DocKtor suggest using a Targus Universal Docking Station for the reasons above? Certainly, and more.  But does the CISO recommend Targus Universal Docking Stations over Thunderbolt docking stations, including Targus, that may enable DMA attack?  Maybe 😊 

Please contact your Targus representative or DocKtor for further support or information. 

US Website: http://targus.com/us/support  
Telephone: 800.283.6325 

Canada Website: http://www.targus.com/ca/support 

Australia Website: http://www.targus.com/au/support  
Email: infoaust@targus.com, Telephone: 1800-641-645 

New Zealand Telephone: 0800-633-222 

Latin America Email: soporte@targus.com 

Discover Targus / 2018 / 2019 / 2020 / 2021 / 2022 / 2023 / 2024 / Airport / Business / Case Study / Docks / Industrial Design / iPad Cases / Laptop Backpacks / Lifestyle / Tech / Tech Talk / Technology / Tips and Tricks / Travel
Manifest AI