Data Diodes

Data Diodes ensure unidirectional data traffic between domains. link22 Data Diode Zero is a highly cost-effective product that provides network separation using an internal unidirectional optical fiber.

Security via hardware

Data Diodes are a simple yet powerful tool in cybersecurity, creating segmentation and isolated networks. A physical data diode transmits information using light through a unidirectional optical fiber. Because the diode’s security is based on the physical hardware, it is free from software vulnerabilities.

Security for critical infrastructure

Data diodes are highly suitable for use with critical infrastructure (OT) and control systems (ICS). The diode provides secure one-way communication where information such as logs, alarms, and historical data can be exported, still with full assurance that no path is opened for attacks in the opposite direction.

Cost effective

Data Diode Zero is likely the most cost-effective hardware diode on the market. It features optical hardware separation that ensures one-way data traffic. Despite its simple design, it is powerful, reliable, and suitable for network segmentation and protecting critical infrastructure.

SCALABLE SECURITY

Our cost-effective Data Diode Zero allows for the use of multiple diodes in the infrastructure without incurring significant costs. These diodes can be employed for network segmentation, unidirectional traffic routing from OT networks to IT networks, safeguarding offline backups, and more.

In many scenarios, a data diode proves to be a superior and more cost-effective solution than a firewall. Moreover, a hardware diode doesn’t require high expertise for configuration.

FLEXIBILITY

Data Diode Zero supports one-way data traffic over UDP (User Datagram Protocol).

To provide maximum flexibility, Data Diode Zero is a pure hardware diode that can be supplemented with standalone software to handle more complex protocols and file transfers. This gives the customer maximum flexibility to choose the components that meet the requirements of their specific operations and IT networks. It also provides flexible scalability over time.
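How software on each side of a UDP-only diode can carry a file is sketched below as an added example; it is not link22's Diode Software or its wire format, and the header layout, `encode` and `Receiver` are assumptions made for illustration. With no return path the sender never learns about loss, so it repeats every datagram, and the receiver accepts a file only when all chunks are present and the SHA-256 digest matches.

```python
import hashlib
import struct
import zlib

# Constructed header (an assumption, not a link22 format): SHA-256 of the
# whole file, chunk index, chunk count, CRC32 of this chunk's payload.
HEADER = struct.Struct("!32sIII")
MAX_CHUNKS = 1 << 20  # refuse absurd chunk counts from a malformed header

def encode(data, chunk_size=1024, repeats=2):
    """Return (digest, datagrams). Each pass over the file is sent `repeats`
    times because the receiver has no return path to ask for a resend."""
    digest = hashlib.sha256(data).digest()
    chunks = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)] or [b""]
    one_pass = [HEADER.pack(digest, seq, len(chunks), zlib.crc32(c)) + c
                for seq, c in enumerate(chunks)]
    return digest, one_pass * repeats

class Receiver:
    """Collects datagrams on the receiving side; never sends anything back."""

    def __init__(self):
        self.files = {}  # digest -> {"total": n, "chunks": {seq: payload}}

    def feed(self, datagram):
        if len(datagram) < HEADER.size:
            return
        digest, seq, total, crc = HEADER.unpack_from(datagram)
        payload = datagram[HEADER.size:]
        if not 0 < total <= MAX_CHUNKS or seq >= total or zlib.crc32(payload) != crc:
            return  # malformed or corrupted in transit: drop silently
        entry = self.files.setdefault(digest, {"total": total, "chunks": {}})
        if entry["total"] == total:
            entry["chunks"].setdefault(seq, payload)  # duplicates are ignored

    def missing(self, digest):
        """Chunk indexes still absent; only usable for local logging."""
        entry = self.files.get(digest)
        if entry is None:
            return None
        return [i for i in range(entry["total"]) if i not in entry["chunks"]]

    def result(self, digest):
        """The file if complete and its SHA-256 matches, otherwise None."""
        if self.missing(digest) != []:
            return None
        entry = self.files[digest]
        data = b"".join(entry["chunks"][i] for i in range(entry["total"]))
        return data if hashlib.sha256(data).digest() == digest else None
```

The digest here detects loss and corruption only; it says nothing about who produced the file, which is what a signature applied before export is for.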

ELEGANT AND PRACTICAL

Data Diode Zero features a small form factor and an elegant housing made of durable metal. Its compact size allows the diode to be practically attached like an adapter to the network cable.

This form factor makes it suitable for various environments; it can be used in office settings and is convenient for use in server rooms alongside rack-mounted equipment and cabinets.

1

Erik at government agency A has compiled a report for investigation. He creates the report in Information Domain 1, which he accesses via a remote session through an Access Client. This ensures access control and restricts unauthorized access.

2

Erik needs to share the report with Anna at government agency B. He chooses between exporting to a USB drive, CD, or printing. He decides to print and selects the Secure Print function, which creates a digital print job within Information Domain 1. It is encrypted and signed before the digital export.

3

The document being exported passes through a data diode. Diode Software ensures reliable file transfer, even though the data diode only handles data traffic as UDP. The file is reconstructed from UDP on the other side of the diode.

4

Data Guard controls all data transfers according to configurable rules. In this case, it checks integrity and the flow between domains. It also inspects the content of Erik’s file using antivirus engines. If his export violates the government agency’s policies, the export will be blocked. All data transfers are logged.

5

Erik’s document is approved for export and printing by Data Guard and then passes through another data diode. Diode Software ensures reliable file transfer, even though the data diode only handles data traffic as UDP. The file is reconstructed from UDP on the other side of the diode.

6

Erik’s document arrives at the export station, still in encrypted format. Erik walks to the export station, authenticates with his smart card, and can then decrypt the file for printing on a locally connected printer.

7

Erik then transports the printed report securely to Anna.

8

Every component in the Cross Domain Solution writes detailed logs about data transfers and activities. The logs are suitably exported via a data diode to the Security Operations Center in accordance with compliance and functional requirements.

Secure export of a report containing classified information.

Scenario: Erik works at a government agency and needs to export a report containing classified information as input for an investigation by Anna, who works at another government agency.

Situation: Classified information requires special handling to ensure that information which could harm national security or critical societal functions does not fall into the wrong hands. This means that certain information may not be sent via, for example, email or shared in cloud services.

Solution: Secure information exchange via a so-called Cross Domain Solution. Classified information is handled in a separate IT domain where import and export occur via data diodes. Exported data is encrypted, inspected, and logged.

Follow the flow from 1-8 in the figure to learn how a secure export can be carried out.

Details about Data Diode Zero

Data Diode Zero can serve as a one-way bridge, allowing data to flow from an open system into a closed system, for instance, to handle confidential information securely. Once inside the closed system, the information has no way out because the diode’s optics prevent the transmission of data (light) in the opposite direction.

Examples of usage:

  • Importing confidential documents and files.
  • Importing necessary software updates.

With Data Diode Zero, information can be transmitted from a closed system to an open system without opening the closed system to receive information. Data export becomes possible while preventing intrusion.

Examples:

  • Unidirectional traffic flow between Operational Technology (OT) and Information Technology (IT).
  • Export of PLC readings from systems that are part of critical infrastructure.
  • Protection of data sent to a log server.

  • Safer than a firewall.
  • Physically unidirectional data traffic via internal fiber optic link.
  • Protocols: Ethernet, UDP.
  • Supplement with separate software from link22 for support of other, higher protocols and file transfer.
  • Speed: Up to 1 Gbit/s (UDP).
  • Interface: RJ45/Ethernet in and out.
  • No configuration required.
  • Dimensions (WxHxD): 6 cm x 3 cm x 8.1 cm.
  • Weight: 140 g.
  • Metal housing.
  • Intended operating temperature: +10°C to +40°C.
  • Approval: CE.
  • Delivered with AC/DC EU (CE) power supply unit, SWI5-5-E, 90-264V.

link22 also offers data diodes with other form factors for mounting in racks, DIN rails, etc., as part of our Cross Domain Solutions offering. This is done in collaboration with selected partners.

Contact link22 for more information.