Frequently Asked Questions

How does a protocol break benefit the DataDiode?

Attacks that result from one party not adhering to a protocol can only be prevented by ensuring that, within the environment where such attacks are unacceptable, both parties in the protocol are trusted. For unidirectional communication scenarios, this implies that the side sending the payload (upstream) must be trustworthy, at least from the perspective of the receiver (downstream). The only way to ensure this is by the use of a protocol break.

What are the primary use cases for the DataDiode?

There are two primary use cases for deploying the DataDiode:
1. Protect secrets
2. Protect assets

How does the DataDiode protect secrets?

The next picture schematically depicts how an example setup may allow information to enter a secure network, but prevent information from leaving the secure network. This configuration is often found in government and other high-security operations.

How does the DataDiode protect assets?

The next picture schematically depicts how an example setup may allow information (normally monitoring data) to leave a network of valuable assets, while preventing potentially harmful data from reaching those same assets. This configuration is often found in critical industrial environments.

If the Fox DataDiode is that good, how can data transfers be guaranteed?

The Fox DataDiode makes it physically impossible for data to travel from the downstream (red) network to the upstream (black) network. This also rules out any built-in delivery feedback loop from receiver to sender. There are situations in which the reliability of the data stream is challenged: power outages, an administrator accidentally disconnecting the data cables, or even sabotage. The DataDiode cannot prevent such events from occurring, but they can be detected and alerted upon, and the integrity and reliability of the data stream can be optimized. This means that additional measures must be taken to increase the reliability of the data streams, together with a failure detection mechanism. All proxy server software products add extra metadata to the data streams, so that the receiving downstream (red) proxy server can deduce whether any packets were lost during transfer. In such cases, log entries are written that administrators can act upon, initiating a retransfer if required. Additionally, the proxy server software applies forward error correction to the data stream, which allows lost packets to be reconstructed within a certain margin. A heartbeat signal is sent at a fixed time interval, giving sub-second indication of a reliability problem.
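The following is an added illustration of the three mechanisms described above (sequence metadata for loss detection, forward error correction, and a heartbeat watchdog) on a link with no return channel; it is constructed for this FAQ and is not Fox-IT's proxy code. It assumes fixed-length chunks, a group size K, and plain XOR parity as a stand-in for whatever error-correcting code the real proxies use.

```python
# Constructed example of one-way link reliability handling; not Fox-IT code.
# Upstream (black) proxy: number chunks, add one XOR parity frame per K chunks.
# Downstream (red) proxy: detect gaps from sequence numbers, repair a single
# loss per group from the parity, log unrecoverable losses for retransfer,
# and flag missed heartbeats. No feedback crosses the diode at any point.
from dataclasses import dataclass

K = 4  # data frames per parity group (assumed parameter)

@dataclass(frozen=True)
class Frame:
    seq: int     # sequence number added as metadata by the upstream proxy
    data: bytes  # fixed-length chunk, or XOR parity in the last frame of a group

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encode(chunks: list[bytes]) -> list[Frame]:
    """Upstream side: emit K data frames followed by their parity frame."""
    assert len(chunks) % K == 0, "example assumes whole groups"
    frames: list[Frame] = []
    for g in range(0, len(chunks), K):
        group = chunks[g:g + K]
        parity = bytes(len(group[0]))
        for c in group:
            parity = xor_bytes(parity, c)
        for c in group + [parity]:
            frames.append(Frame(len(frames), c))
    return frames

def decode(received: list[Frame], n_groups: int) -> tuple[dict[int, bytes], list[str]]:
    """Downstream side: returns (chunk index -> data, log lines for admins)."""
    by_seq = {f.seq: f.data for f in received}
    out, log = {}, []
    for g in range(n_groups):
        seqs = list(range(g * (K + 1), (g + 1) * (K + 1)))  # K data + 1 parity
        missing = [s for s in seqs if s not in by_seq]
        if len(missing) == 1:  # XOR of all other frames in the group rebuilds it
            lost = missing[0]
            rebuilt = bytes(len(by_seq[next(s for s in seqs if s != lost)]))
            for s in seqs:
                if s != lost:
                    rebuilt = xor_bytes(rebuilt, by_seq[s])
            by_seq[lost] = rebuilt
            log.append(f"group {g}: seq {lost} lost, rebuilt from parity")
        elif missing:  # beyond the FEC margin: only an out-of-band retransfer helps
            log.append(f"group {g}: seqs {missing} lost, request retransfer")
            continue
        for i, s in enumerate(seqs[:-1]):  # parity frame is not payload
            out[g * K + i] = by_seq[s]
    return out, log

def heartbeat_alerts(arrivals: list[float], interval: float) -> list[str]:
    """Flag any gap between heartbeat arrivals exceeding twice the send interval."""
    return [f"heartbeat gap {b - a:.1f}s after t={a:.1f}"
            for a, b in zip(arrivals, arrivals[1:]) if b - a > 2 * interval]
```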

Could not find your answer? Do not hesitate to ask us at fox@fox-it.com
