Pioneers in diode software
link22 has developed standalone diode software since 2016 and are experts in the field. Our software is used by numerous customers to protect classified information as well as to secure critical infrastructure (OT).
Hardware independent
Get the most out of your Data Diode
A physical data diode is limited to handling unidirectional UDP traffic. However, most systems use services that operate at a higher level, based on protocols such as TCP. By installing diode software on both sides of the data diode, support for more complex protocols and transmission of files is enabled.
By using diode software, the benefits of data diodes are multiplied. link22 offers a range of diode software for various needs.
DIODE TRANSFER
link22’s software product, Diode Transfer, was created to enable reliable, high-performance file transfer across data diodes. It can run on a physical or virtual server in conjunction with any data diode on the market.
link22 Diode Transfer is optimized to handle both very large files and libraries with thousands of files. This makes the product highly suitable for a variety of use cases:
- Importing confidential files into offline environments.
- Importing software updates into offline environments.
- Mirroring software repositories to offline environments.
- Unidirectional export of logs and historical data from critical infrastructure facilities (energy plants, power plants, water treatment plants).
- Segmentation between IT (Information Technology) and OT (Operational Technology).
- Unidirectional export from critical production and control systems (ICS).
- Network segmentation within the finance/banking sector. Secure unidirectional file transfer between production environments, data vaults, etc.
- Backup of files to physically separated environments.
Transfer Agent
In cases where encrypted file flows are needed, link22 offers the Secure Transfer Agent product. It’s a software agent that encrypts and signs files for further transport across data diodes. This provides transport protection throughout the chain and ensures the integrity of the files. It is particularly suitable where confidentiality requirements are high. A common use case is automated data transfers across the diode.
The transfer agent monitors local directories and replicates changes. The agent is located on each side of a data diode, acting as a sending or receiving agent. Using a soft certificate, files can be signed and encrypted by the sending agent and decrypted by the receiving agent.
TCP CONNECTOR
TCP Connector is link22’s product designed to enable secure streaming of TCP data across data diodes. The product consists of two applications: one running upstream of the diode and one running downstream.
TCP Connector can be used to securely capture an external data stream and channel it into an offline IT environment. It can also be used to export sensor data and logs, for example, from an energy plant via a diode, with full confidence that no malicious software can travel in the opposite direction.
Details about Diode Software
Diode Transfer - File transfer
link22’s software product, Diode Transfer, enables reliable, high-performance file transfer across data diodes. It works with hardware diodes that support UDP, regardless of the manufacturer.
Diode Transfer supports the transfer of very large files as well as file libraries with thousands of files in folder structures.
By calculating and then comparing checksums, the software can reliably ensure that files have been transferred correctly across the hardware diode, even though the communication is unidirectional.
The software can be configured to send information multiple times, resending, thus compensating for any packet loss. It also allows for bandwidth usage regulation to create optimal conditions for successful file transfer.
The product supports both files on local disks and externally shared file directories.
Transfer Mode and Mirror Mode
There is support for both transfer mode and mirror mode. In transfer mode, individual files or entire folder structures are transferred directly when placed in the sharing area and appear immediately in the corresponding sharing area on the other side of the diode. The files are deleted from the sending side.
In mirror mode, a folder structure with files is mirrored to an identical structure on the receiving side. The mirroring on the receiving side is continuously traversed to ensure that it is consistently identical to the source.
Standalone Software
Diode Transfer is delivered as RPM packages for installation on Linux (RHEL 8 and 9). There is also support for SELinux. They can be installed on physical or virtual servers.
Transfer Agent - Encrypted file transfer
The Transfer Agent is a software agent that encrypts and signs files. The agent is installed on each side of a data diode, acting as a sending or receiving agent.
It supports both encryption and packaging in plaintext. The agent signs and encrypts a file using a soft certificate, with decryption on the receiving side. Alternatively, a file can be signed and packaged in plaintext.
It can be configured to handle an arbitrary number of data streams.
Supports both transfer mode and mirror mode.
Runs as a service/daemon on Windows or RHEL 8.
TCP Connector - Streaming data
TCP Connector is a software product that enables secure streaming of TCP data across a physical data diode without compromising security. The product consists of two applications: one running upstream of the diode and one running downstream.
TCP Connector supports both UDP and TCP streaming of data across a diode. The application supports multiple concurrent streams, making it a flexible solution for a variety of use cases.
TCP Connector is delivered as RPM packages for installation on Linux (RHEL 8). They can be installed on physical or virtual servers.
Diode Software for ICS och automation
link22 also works with software to manage messaging and automation protocols across hardware diodes. Contact us for more information.