The Simple Extra Security Features of Targus Universal Docking Stations
A Little Piece of Mind
Occasionally, a Targus Universal Docking Station customer will inquire about the security of the data link (video, Ethernet, and USB) between the host and the dock. By no means shall the following be considered as best practices for end-point security. A Targus Universal Docking Station is not to be used in lieu of a comprehensive security implementation. The following is documented only to explain why using a Targus Universal Docking Station may enhance a given security implementation.
Driver Security
The Targus versions of the DisplayLink driver are pre-scanned for malware and are signed to prevent misrepresentation or spoofing of the driver. The driver signature also allows a modified package to be flagged before it is installed. The package is also encrypted to prevent it from being read or modified.
Connection Security
Upon connection, a secure channel is established between the DisplayLink host client driver and the DisplayLink part in a Targus Universal Docking Station. This secure connection is established using ever-evolving, industry-standard security key exchange practices.
Video Security
The video data travels over the secure USB connection after being encoded by the proprietary DisplayLink adaptive compression algorithm. Because this algorithm is both proprietary and adaptive, some may consider it slightly more secure than standard compression methodologies. For additional video security, HDCP can be enabled end-to-end.
Ethernet Security
For Ethernet, the dock port is a NIC device, and security is handled between the laptop and the server, using HTTPS/TLS for instance. The DisplayLink driver does not know what is in the Ethernet data on the link. The DisplayLink Ethernet driver performs no packet inspection or compression; it only enables packets to pass through the secure USB link. Therefore, the dock would not see unencrypted packets.
Also, since the Ethernet connection runs over USB, and therefore only to a single USB host (in the client), some may consider it a bit more secure than Ethernet topologies where it is possible to send/receive with several endpoints.
USB Host Security
USB host ports have a smaller attack surface than Thunderbolt host ports. While both ports have cybersecurity issues, those on USB are easier to mitigate. For example, a USB Rubber Ducky masquerading as a HID device can enable keystroke injection, but this is not as big an issue as higher-level attacks such as the DMA attacks (see Thunderclap) that can be made via a Thunderbolt link. (Targus/Hyper also has Thunderbolt docks.)
Does Thee DocKtor suggest using a Targus Universal Docking Station for the reasons above? Certainly, and more. But does the CISO recommend Targus Universal Docking Stations over Thunderbolt docking stations, including those from Targus, that may enable DMA attacks? Maybe 😊
Please contact your Targus representative or DocKtor for further support or information.
US Website: http://targus.com/us/support
Telephone: 800.283.6325
Canada Website: http://www.targus.com/ca/support
Australia Website: http://www.targus.com/au/support
Email: infoaust@targus.com, Telephone: 1800-641-645
New Zealand Telephone: 0800-633-222
Latin America Email: soporte@targus.com