How to set up two-way e-mail communication between two differently classified networks securely?
Communication is intended to be bidirectional: sender and receiver exchange information without any hassle. The problem is that communication between two differently classified networks is subject to strict security rules, specifically rules regarding the declassification of information before it is allowed to leave the classified network. In classified environments Data Diodes are used to transport information securely from the unclassified network to the classified network. However, when information is declassified it is still transported manually to the unclassified network on a media carrier such as a USB stick or CD.
The disadvantages of manually transporting (declassified) information are that it is not real-time, it is time consuming and it introduces additional security risks, since the information is transported in an uncontrolled manner (by humans).
We describe one possible solution for setting up secure two-way communication in an environment where information must be declassified and transported out of the classified environment. To conduct this process in a controlled manner the solution uses Strict Content Filters together with multiple Fox DataDiodes to create a secure zone (DMZ).
The Fox DataDiodes create an additional layer of security between the two networks, a demilitarized zone (DMZ). Although firewalls are generally used for this, a more secure solution is to place two Data Diodes in sequence. The diodes ensure that information always flows through the DMZ in a controlled manner, without compromise. Between the diodes a Strict Content Filter is placed to check the outbound and inbound information.
Strict Content Filter
When information is transmitted from the Black network to the Red network, the integrity of the information should be ensured. This is done by a Strict Content Filter, which checks the content of the information.
Content checking can be done in a variety of ways, e.g. by only allowing XML information to pass through the diode, followed by an XML gateway that checks the 'signature' of the XML file. Another solution is to change the format of the transmitted information in such a way that it can be checked by the content filter, e.g. using OCR software or making a screen capture of the document.
Even if information can only travel in one direction, it is advised to always implement a mechanism that ensures the integrity and availability of the Red network.
Declassification can be handled in a similar way to classification: a Strict Content Filter checks, logs and ensures that only intended information leaves the classified network.
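The XML-only, signature-checked filtering described above, as an added example that is not Fox's product code: a minimal declassification filter that passes a message only if it carries a valid signature, contains no DTD or entity declarations, and matches a fixed element allow-list, logging every decision. The message format, the element names and the shared HMAC key (standing in for a real XML signature) are assumptions for the example.

```python
import hashlib
import hmac
import logging
import xml.etree.ElementTree as ET

log = logging.getLogger("strict_content_filter")
# Allow-list for the release message format: the root element and the only leaf children it may carry.
ROOT_TAG = "message"
ALLOWED_CHILDREN = {"to", "from", "subject", "body"}
MAX_BYTES = 64 * 1024
# Hypothetical key shared by the classification and declassification filter instances;
# a production filter would verify a real XML signature against a trusted certificate.
FILTER_KEY = b"constructed-demo-key"

def sign(xml_bytes: bytes) -> str:
    """Signature the authorised release tool attaches to a message (HMAC-SHA256 here)."""
    return hmac.new(FILTER_KEY, xml_bytes, hashlib.sha256).hexdigest()

def _decide(allowed: bool, reason: str) -> tuple[bool, str]:
    log.info("%s: %s", "PASS" if allowed else "BLOCK", reason)
    return allowed, reason

def inspect(xml_bytes: bytes, signature: str) -> tuple[bool, str]:
    """Return (allowed, reason) for one message; every decision is logged."""
    if len(xml_bytes) > MAX_BYTES:
        return _decide(False, "oversize message")
    # Signature first: unsigned or tampered data is never parsed.
    if not hmac.compare_digest(sign(xml_bytes), signature):
        return _decide(False, "signature mismatch")
    # No DTDs or entities: they are the vehicle for XXE and entity-expansion attacks.
    head = xml_bytes.lower()
    if b"<!doctype" in head or b"<!entity" in head:
        return _decide(False, "DTD or entity declaration present")
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return _decide(False, f"malformed XML: {exc}")
    if root.tag != ROOT_TAG or root.attrib:
        return _decide(False, "unexpected root element or attributes")
    for child in root:
        # Only allow-listed, attribute-free leaf elements may appear.
        if child.tag not in ALLOWED_CHILDREN or child.attrib or len(child):
            return _decide(False, f"element <{child.tag}> not permitted")
    return _decide(True, "conforms to release format")

# Constructed sample messages, not captured traffic.
GOOD = b"<message><to>a@b</to><from>c@d</from><subject>hi</subject><body>ok</body></message>"
BAD = b"<message><to>a@b</to><attachment>AAAA</attachment></message>"
```

Anything the filter cannot positively match against the allow-list is blocked, so a new field type reaching the Red or Black side requires an explicit change to the filter rather than slipping through.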