Federal Agencies and DoD customers are requiring secure one-way data communications on their secure networks or from one network to another. This does pose a challenge with classified networks. These networks are secure and not connected in any way, shape or form. How do you get the data across that physical limitation? There is a great way to do this and it boils down to two viable solutions. Both solutions have been validated and accredited by the federal government. The two solutions are from Owl Cyber Defense and Forcepoint. As a trusted partner, IMPRES Technology Solutions will help you through the requirements process based on your current and future requirements.
Let’s take a look at how this is done and why the federal government is requesting that “data diodes” be part of the salient characteristics when it issues an RFQ or RFI. This technology is also referred to as a “cross domain solution”. The definition of cross domain comes out of the Trusted Computer System Evaluation Criteria (US DoD Orange Book). High and low are the terms given to the trusted and untrusted environments in the cross domain data transfer.
For example, a high/low or trusted/untrusted pairing can involve a cross domain data transfer from an unclassified network to a secret (NIPR) network. It can also be from a high threat network to a classified network, or even from unclassified networks to a top secret network. All of the networks mentioned are physically air gapped, so a special data diode appliance is required to carry out the cross domain data transfer securely.
Why data diodes? Data diodes were designed to stop all unauthorized access. They enforce a physical separation, also known as an “air gap”, between network segments. Data can only flow in one direction and never in the opposite direction, which prevents hackers from accessing networks through the data diode. As mentioned, this technology provides a physical air gap between the high and low networks.
A high-level overview of how this works: each side of the transfer has a cross domain appliance that uses data diode technology. Network A starts the secure file transfer. The data enters the cross domain appliance on the send side, where the proprietary packet design takes over to securely packetize the data and send it to the target cross domain appliance. There the reverse takes place, and the data is then sent to the end user. This takes place over a fiber network and is invisible to any threat actor that may be looking for it. Additional deep dive data is available upon request.
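Because data can only flow one way, the receive side can never acknowledge a frame or ask for a resend, so it has to detect loss and damage on its own and reject an incomplete file. The sketch below is an added illustration of that constraint, not the vendors' proprietary packet design; the frame layout and the names `packetize` and `reassemble` are assumptions made for the example.

```python
import hashlib
import struct
import zlib

# Assumed frame layout (constructed for this example, not a vendor format):
# sequence number, total frame count, payload length, payload, CRC32 trailer.
HEADER = struct.Struct("!IIH")

def packetize(data: bytes, chunk: int = 8) -> list[bytes]:
    """Send side: split data into self-describing frames; the last frame
    carries a SHA-256 digest of the whole file."""
    parts = [data[i:i + chunk] for i in range(0, len(data), chunk)] or [b""]
    parts.append(hashlib.sha256(data).digest())
    frames = []
    for seq, payload in enumerate(parts):
        body = HEADER.pack(seq, len(parts), len(payload)) + payload
        frames.append(body + struct.pack("!I", zlib.crc32(body)))
    return frames

def reassemble(frames: list[bytes]) -> tuple[str, object]:
    """Receive side: no return channel exists, so the file is accepted
    whole or rejected; nothing can be re-requested."""
    got, total = {}, None
    for frame in frames:
        if len(frame) < HEADER.size + 4:
            continue                      # too short to be a frame
        body, crc = frame[:-4], struct.unpack("!I", frame[-4:])[0]
        if zlib.crc32(body) != crc:
            continue                      # damaged in transit: drop it
        seq, tot, length = HEADER.unpack(body[:HEADER.size])
        payload = body[HEADER.size:]
        if total is None:
            total = tot
        if tot != total or seq >= tot or len(payload) != length:
            continue                      # inconsistent header: drop it
        got[seq] = payload
    if total is None:
        return ("rejected", "no valid frames")
    missing = [s for s in range(total) if s not in got]
    if missing:
        return ("rejected", f"missing frames {missing}")
    data = b"".join(got[s] for s in range(total - 1))
    if hashlib.sha256(data).digest() != got[total - 1]:
        return ("rejected", "digest mismatch")
    return ("accepted", data)
```

Real one-way links usually add forward redundancy, such as repeated frames or error-correcting codes, so that a single lost frame does not force the whole file to be sent again.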
The appliance runs on a hardened Linux operating system and has tamper and threat detection built in. If the appliance has a failure or is powered off, a failsafe is in place and no data can pass through the appliance.
You might be thinking, what protocols does this support? Typically what you will see is RFTS, FTP, SFTP and SCP. Additional features include data encryption, user authentication, data validation and scanning, user-defined port assignment, an option for redundancy with path failover, and quality of service features, to name a few.
The data diode portfolio also includes the following appliances:
- File Transfer Solutions
- Multi-Purpose Solutions
- Cloud to Cloud Solutions
- Ethernet Packet Transfer Solutions
- Multi-Purpose Bidirectional Solutions
- Data Streaming Solutions
- Mobile and Tactical Solutions
With agencies looking to move to the cloud, securing that data is at the top of everyone’s mind, and data diode technology can secure that data as well.
Thinking outside of the box, other interesting use cases for the data diode are in the Internet of Things (IoT) environment. Think about using the data diode to air gap security cameras, point of sale machines, medical and healthcare devices, smart meters, and the list grows daily.
Let’s Start a Conversation! For additional information on data diode technology contact your IMPRES Technology Solutions team at sales@www.imprestechnology.com
About IMPRES Technology Solutions
At IMPRES Technology Solutions, our federal customers’ requirements drive our solutions. By being a vendor-neutral solution provider, we can architect the correct solution to meet your requirements today and grow with you tomorrow.
Hello everyone. Thanks for stopping by our blog! I joined IMPRES Technology in May of 2018 as a Senior Systems Engineer. Prior to that I had spent over 20 years in the IT industry as a Systems Engineer specializing in enterprise level datacenter solutions for companies like IBM, Arrow and TechData. I’ve embraced the opportunity to work in the federal space supporting our DoD war fighters and civilian agencies. When not busy assisting customers and partners, I enjoy spending time in the outdoors and with my family and friends or volunteering at Habitat for Humanity.
David Coleman