Guaranteed one-way communication as turn-key solution
The Fox DataDiode is computer hardware that enforces unidirectional flow of network traffic.
A unidirectional network connection is a link between two networks for which it can be guaranteed that information flows only from the one network to the other, and that it is impossible for data to flow in the opposite direction.
The source network is typically referred to as “upstream” and the destination network as “downstream”, following the analogy of how water flows from upstream to downstream. In many government and military environments, however, the source (untrusted) network is referred to as “black” or “low” and the destination (trusted) network as “red” or “high”.
The Fox DataDiode implements a full protocol break. It works by enforcing the use of a single strand of a fiber optic connection, in conjunction with fiber optic processing electronics that are specifically designed for unidirectional signal flow. This absence of full-duplex communication breaks bidirectional protocols such as TCP/IP. That problem is addressed by using proxy servers that transmit data in a connectionless way.
There are several scenarios where the Fox DataDiode is needed. Let’s start with the one that illustrates the Fox DataDiode best: protecting secrets or intellectual property. By using a one-way connection, the Fox DataDiode helps you prevent leakage of confidential or classified information, while still giving you access to the critical data sources you need for your daily job. Think about updates for anti-virus products or Microsoft Windows, databases, web feeds, email, video streams and operational information for your Security Operations Center. Once you start thinking about it, you can come up with many more use cases. Besides protecting data, the Fox DataDiode can also protect important assets in an industrial environment. Using the Fox DataDiode in such an environment prevents unwanted access to Industrial Control Systems (ICS), including SCADA systems and DCSs, while still allowing the ICS to send out critical operational data, performance metering and other events and alarms.
The next picture schematically shows the standard hardware setup of a Fox DataDiode system. Located in the center, the Fox DataDiode optical diode hardware connects and isolates the upstream (sending) network from the downstream (receiving) network. On the left-hand side, the upstream proxy server is responsible for sending data from the upstream network through the optical diode to the downstream proxy server. On the right-hand side, the downstream proxy server is responsible for receiving data from the optical diode for further handling in the downstream network.
The proxy servers are the primary point of contact for the networks on both ends of the optical diode hardware. Looking outward to their respective networks, they are responsible for interfacing with designated systems and will provide any forwarding services as pre-configured. Facing inward to the optical diode they facilitate protocol break and handle internal diode communications.
A protocol break consists of two components that reside between the sender and the receiver of a message. The first component is a “catcher”, which, while adhering to the protocol, strips all traffic control data from the data it receives, and only retains the payload data. The second component is a “thrower”. The thrower does the opposite: it takes bare payload data, and sends the payload to another system by means of some chosen protocol. In order to do this successfully, the thrower performs all the complicated tasks that are necessary to adhere to the protocol specifications, including the creation of traffic control data.
Attacks that are caused by one of the parties not adhering to a protocol can only be prevented by ensuring that, within the environment where attacks are unacceptable, both parties in the protocol are trusted. For unidirectional communication scenarios, that implies that the side sending the payload (upstream) should be trustworthy, at least from the perspective of the receiver (downstream). The only way to ensure this is by the use of a protocol break.
There are two primary use cases for deploying the DataDiode:
1. Protect secrets (See “How does the DataDiode protect secrets?” for details)
2. Protect assets (See “How does the DataDiode protect assets?” for details)
The next picture schematically depicts how an example setup may allow information to enter a secure network, but prevent information from leaving the secure network. This configuration is often found in government and other high-security operations.
The next picture schematically depicts how an example setup may allow information (normally monitoring data) to leave a network of valuable assets, but prevent potential harmful data from reaching those same assets. This configuration is often found in critical industrial environments.
The Fox DataDiode truly makes it physically impossible for data to transfer from the downstream (red) network to the upstream (black) network. This also eliminates the possibility of an integrated data delivery feedback loop. There can be situations where the reliability of the data stream is challenged; think about power outages, an administrator accidentally disconnecting the data cables, or even sabotage. The DataDiode cannot prevent those types of events from occurring, but such events can be alerted upon when detected, and the integrity and reliability of the data stream can be optimized. That means that additional measures must be taken to increase the reliability of the data streams, as well as a failure detection mechanism. All proxy server software products add extra metadata to the data streams, so that the receiving downstream (red) proxy server can deduce whether any packets were lost during transfer. In such events, log entries are made that administrators can act upon, initiating a retransfer if required. Additionally, the proxy server software applies forward error correction to the data stream, allowing lost packets to be reconstructed within a margin. A heartbeat signal is sent at a fixed time interval, providing sub-second indication of a reliability problem.
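As an added illustration of the loss-detection metadata and forward error correction described above (and of the bare payload framing a thrower/catcher pair would exchange), the following is example code written for this page, not Fox-IT's proxy software; the frame layout, the XOR parity scheme, the group size and the body size are assumptions. The upstream side can only add redundancy in advance, because no acknowledgement can ever cross the diode.

```python
import struct

GROUP = 4   # data frames per parity frame: one lost frame per group is recoverable
SIZE = 16   # fixed body size per frame (constructed limit for this example)
# Constructed frame layout: seq:u32 | kind:u8 (0 = data, 1 = parity) | len:u8 | body[SIZE]

def encode_stream(payloads):
    """Upstream side: number every payload and emit an XOR parity frame after each
    group. Nothing ever comes back over the diode, so redundancy is added in advance."""
    frames, acc = [], bytearray(SIZE + 1)
    for seq, p in enumerate(payloads):
        if len(p) > SIZE:
            raise ValueError("payload too large for one frame")
        block = bytes([len(p)]) + p.ljust(SIZE, b"\0")   # len byte keeps padding separable
        frames.append(struct.pack(">IB", seq, 0) + block)
        acc = bytearray(a ^ b for a, b in zip(acc, block))
        if (seq + 1) % GROUP == 0:                       # group complete: emit its parity
            frames.append(struct.pack(">IB", seq + 1 - GROUP, 1) + bytes(acc))
            acc = bytearray(SIZE + 1)
    return frames

def decode_stream(frames):
    """Downstream side: find gaps from the sequence numbers, rebuild at most one
    missing data frame per group from parity, and report the rest (the log entry
    an administrator acts on to request a retransfer out of band)."""
    data, parity = {}, {}
    for f in frames:
        seq, kind = struct.unpack(">IB", f[:5])
        (data if kind == 0 else parity)[seq] = f[5:]
    # A loss at the very tail is invisible here until a later frame or heartbeat arrives.
    highest = max([*data, *(g + GROUP - 1 for g in parity)], default=-1)
    unrecoverable = []
    for g in range(0, highest + 1, GROUP):
        missing = [s for s in range(g, min(g + GROUP, highest + 1)) if s not in data]
        if len(missing) == 1 and g in parity:
            acc = bytearray(parity[g])
            for s in range(g, g + GROUP):
                if s in data:
                    acc = bytearray(a ^ b for a, b in zip(acc, data[s]))
            data[missing[0]] = bytes(acc)
        else:
            unrecoverable += missing
    payloads = [data[s][1:1 + data[s][0]] for s in sorted(data)]
    return payloads, unrecoverable

if __name__ == "__main__":
    frames = encode_stream([f"alarm {i}".encode() for i in range(9)])   # constructed stream
    # Drop list entries 2 (seq 2: one loss in its group) and 6, 7 (seq 5 and 6: two losses).
    received = [f for i, f in enumerate(frames) if i not in {2, 6, 7}]
    print(decode_stream(received))   # seq 2 rebuilt; seq 5 and 6 reported unrecoverable
```

A real proxy would add a timestamped heartbeat frame so that a silent link (rather than a gap) is also detected within the stated interval; that part is left out here.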