The Fox DataDiode is computer hardware that enforces unidirectional flow of network traffic.
A unidirectional network connection is a link between two networks for which a guarantee can be given that information flows only from one network to the other, and that it is physically impossible for data to flow in the opposite direction.
The source network is typically referred to as “upstream” and the destination network as “downstream”, by analogy with water flowing from upstream to downstream. In many government and military environments the untrusted (source) network is instead called “black” or “low” and the trusted (destination) network “red” or “high”. Note that upstream and downstream describe the direction of the data flow, not the trust level: when the diode is used to keep data inside a protected network, that network is downstream, whereas when it is used to let an industrial network publish data without accepting anything in return, the protected network is upstream.
Network segmentation is the act of splitting a computer network into subnetworks, or network segments; each segment typically has its own IP address range. Network segregation, by contrast, is the concept of placing hosts with different security requirements in different network zones, so that a security policy can be applied to the traffic flowing between them. Segmenting the network first makes segregation easier. In addition, a pre-defined policy has to be in place that determines which data is allowed to move from one zone to another.
The Purdue Model (see picture) can be used to determine the logical location of equipment and network segments at the appropriate level in an industrial setting. Segregating the networks at the various levels of the model is a key security measure: an attacker who compromises one level cannot freely move to the next. The two most obvious and advisable segregation points are indicated by the ‘Fox DataDiode icon’ in the picture.
The Fox DataDiode implements a full protocol break. It works by enforcing the use of a single strand of a fiber optic connection, in conjunction with fiber optic processing electronics that are specifically designed for unidirectional signal flow. Because there is no return path, no acknowledgement can ever travel back to the sender, so connection-oriented protocols such as TCP cannot operate across the diode. This is addressed by proxy servers on either side: the upstream proxy terminates the original protocol and transmits the payload across the diode in a connectionless way, and the downstream proxy reassembles it. Since the receiver cannot request a retransmission, error detection and any redundancy have to be provided by the sending side, and the receiving side can only detect and report a gap.
There are several scenarios where the Fox DataDiode is needed. Let us start with the one that illustrates the Fox DataDiode best: protecting secrets or intellectual property. By using a one-way connection, the Fox DataDiode helps you prevent leakage of confidential or classified information, while still giving you access to the data sources you need for your daily work. Think of updates for anti-virus products or Microsoft Windows, databases, web feeds, email, video streams and operational information for your Security Operations Center. Once you start thinking about it, you can come up with many more use cases. Besides protecting data, the Fox DataDiode can also protect important assets in an industrial environment. Using the Fox DataDiode there prevents unwanted access to Industrial Control Systems (ICS), including SCADA systems and DCSs, while still allowing the ICS to send out critical operational data, performance metering and other events and alarms.
The next picture schematically shows the standard hardware setup of a Fox DataDiode system. Located in the center, the Fox DataDiode optical diode hardware connects and isolates the upstream (sending) network from the downstream (receiving) network. On the left-hand side, the upstream proxy server sends data from the upstream network through the optical diode to the downstream proxy server. On the right-hand side, the downstream proxy server receives the data from the optical diode for further handling in the downstream network.
The proxy servers are the primary point of contact for the networks on both ends of the optical diode hardware. Looking outward to their respective networks, they are responsible for interfacing with the designated systems and provide whatever forwarding services have been pre-configured. Facing inward to the optical diode, they perform the protocol break and handle the internal diode communication.
A protocol break consists of two components that reside between the sender and the receiver of a message. The first component is a “catcher”, which, while adhering to the protocol, strips all traffic control data (addresses, ports, headers, sequence numbers and the like) from the data it receives, and retains only the payload. The second component is a “thrower”, which does the opposite: it takes the bare payload and sends it to another system by means of some chosen protocol. To do this, the thrower performs all the tasks necessary to adhere to that protocol’s specification, including the creation of fresh traffic control data. Nothing from the original protocol exchange, and therefore no hidden control channel, crosses the break.
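The following is an added example (not Fox-IT code, and not a description of how the Fox DataDiode proxies are implemented) that models the catcher/thrower protocol break from this section and the connectionless transfer from the “how it works” section above. A constructed HTTP POST stands in for the upstream protocol, a list of frames stands in for the one-way fibre, and the frame layout, the hypothetical hostnames and the deterministic loss pattern are all assumptions made for illustration. The point it adds to the prose is what the missing return path costs: the receiver can verify and de-duplicate, but can only report a lost frame, so the sender has to build in redundancy up front.

```python
"""Toy protocol break over a one-way channel (added example, not Fox-IT code)."""
import struct
import zlib
from typing import Dict, List, Optional, Tuple

# Assumed frame header: transfer id, sequence number, total frame count,
# payload length, CRC32 of the payload. All fields in network byte order.
FRAME_HDR = struct.Struct("!IIIHI")


def catch_http_post(raw: bytes) -> Tuple[str, bytes]:
    """Catcher: speak HTTP far enough to extract (path, body); every header is discarded."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP message")
    lines = head.split(b"\r\n")
    method, path, _version = lines[0].split(b" ")
    if method != b"POST":
        raise ValueError("only POST carries a payload in this toy")
    headers = {k.strip().lower(): v.strip() for k, v in (ln.split(b":", 1) for ln in lines[1:])}
    length = int(headers[b"content-length"])
    body = rest[:length]
    if len(body) != length:
        raise ValueError("truncated body")
    return path.decode(), body


def frame_payload(transfer_id: int, payload: bytes, mtu: int = 64, repeat: int = 2) -> List[bytes]:
    """Split the payload into self-describing frames and emit each one `repeat` times.
    Repetition stands in for retransmission: no request can ever come back across the diode."""
    chunks = [payload[i:i + mtu] for i in range(0, len(payload), mtu)] or [b""]
    frames: List[bytes] = []
    for seq, chunk in enumerate(chunks):
        hdr = FRAME_HDR.pack(transfer_id, seq, len(chunks), len(chunk), zlib.crc32(chunk))
        frames.extend([hdr + chunk] * repeat)
    return frames


def one_way_channel(frames: List[bytes], drop_every: int = 0) -> List[bytes]:
    """Simulated optical diode: forwards frames in order, optionally losing every n-th one.
    The loss pattern is constructed and deterministic so the example is repeatable."""
    if drop_every <= 0:
        return list(frames)
    return [f for i, f in enumerate(frames) if i % drop_every != 0]


def reassemble(frames: List[bytes]) -> Tuple[Optional[bytes], List[int]]:
    """Downstream side: check CRCs, de-duplicate by sequence number, report gaps.
    Returns (payload, missing_seqs); payload is None when any frame never arrived."""
    received: Dict[int, bytes] = {}
    total = None
    for f in frames:
        _tid, seq, count, length, crc = FRAME_HDR.unpack_from(f)
        chunk = f[FRAME_HDR.size:FRAME_HDR.size + length]
        if len(chunk) != length or zlib.crc32(chunk) != crc:
            continue  # damaged in transit; a duplicate copy may still arrive
        total = count
        received.setdefault(seq, chunk)
    if total is None:
        return None, []
    missing = [s for s in range(total) if s not in received]
    if missing:
        return None, missing
    return b"".join(received[s] for s in range(total)), []


def throw_http_post(path: str, payload: bytes, host: str = "downstream.example") -> bytes:
    """Thrower: build a brand-new HTTP request for the downstream system. Nothing from the
    upstream request's headers survives; all control data is generated here."""
    return (
        f"POST {path} HTTP/1.1\r\nHost: {host}\r\nContent-Type: application/octet-stream\r\n"
        f"Content-Length: {len(payload)}\r\nConnection: close\r\n\r\n"
    ).encode() + payload


def transfer(raw_request: bytes, drop_every: int = 0, repeat: int = 2) -> Tuple[Optional[bytes], List[int]]:
    """Whole pipeline: catch -> frame -> one-way channel -> reassemble -> throw."""
    path, body = catch_http_post(raw_request)
    frames = frame_payload(transfer_id=1, payload=body, repeat=repeat)
    payload, missing = reassemble(one_way_channel(frames, drop_every))
    if payload is None:
        return None, missing  # downstream can only log the gap; it cannot ask upstream to resend
    return throw_http_post(path, payload), []


# Constructed upstream request; the X-Internal header is control data the catcher drops.
SAMPLE_BODY = b"".join(b"alarm %03d: pump pressure nominal\n" % i for i in range(10))
SAMPLE_REQUEST = (
    b"POST /alarms HTTP/1.1\r\nHost: historian.upstream.local\r\nX-Internal: secret-token\r\n"
    b"Content-Length: %d\r\n\r\n" % len(SAMPLE_BODY)
) + SAMPLE_BODY

if __name__ == "__main__":
    out, _ = transfer(SAMPLE_REQUEST)
    print(out.decode(errors="replace"))
    _, gaps = transfer(SAMPLE_REQUEST, drop_every=3, repeat=1)
    print("lost sequence numbers without redundancy:", gaps)
```

Running the module shows the rebuilt downstream request, which carries none of the upstream headers, followed by the sequence numbers that are lost when every third frame is dropped and each frame is sent only once; with the default of two copies per frame the same loss pattern still yields the complete payload. A real deployment would use stronger integrity checks than CRC32 and a proper forward error correction scheme rather than plain repetition, but the constraint is the same: everything needed to recover from loss must already be in the frames, because nothing can be asked for.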