Offline Update

The link22 Offline Update enables greater security when updating software in physically separated environments. The product automates and secures the download flow of software updates. link22 Offline Update automatically retrieves files, through a scheduler, onto a security airlock. In the security airlock, the file is inspected with link22 Guard and customizable filters. One of the filters allows the file to be broken down and reassembled according to the principles of “Content Disarm and Reconstruction (CDR)”. The file is then distributed to the correct location in the target system. link22 Offline Update is designed for one-way data flows over data diodes.

Unidirectional data flows

link22 Offline Update is specifically developed for physically separated domains, meaning domains where information goes through unidirectional data flows over data diodes. The solution ensures that downloads are inspected and managed in and inbetween domains that receive and/or send data through unidirectional data diodes.

Custom filtering

Files are inspected by link22 Data Guard, where a thorough inspection of each file occurs. The file is broken down into components that are examined to detect vulnerabilities. Inspection can be done with traditional antivirus software, but we also support Content Disarm and Reconstruction” (CDR). link22 Data Guard is built on an open architecture, allowing for the addition of custom filters tailored to your business. Our development kit makes it easy to expand and customize filtering.

One inspection – multiple destinations

Our efficient architecture ensures that information that is to be distributed to multiple end domains or target environments only needs to be inspected once. With link22 Offline Update, we increase security without compromising efficiency.

Specifics about Offline Update

Offline Update hur funkar det

Review takes place before distribution to minimize the number of steps and thereby maintain an efficient data flow. The product can be supplemented with CDR in step four for increased security. Through various security mechanisms (firewall, diode, inspection) to the target system, a controlled flow of incoming files is ensured.

For example, we can handle the following files from the Internet today;
  • Linux updates (Ubuntu, Rocky, CentOS, Epel, Raspbian, and more)
  • Antivirus software updates (Defender ClamAV, and more)
  • Docker
  • Python repositories
  • Emacs Packages
  • CRL lists and CA
  Access to downloaded files is done either via HTTPS or file sharing. This means that, for example, Linux computers believe they are online and can easily be patched regularly.