U

Start » Cross Domain Solutions » Data Diode SecuriCDS DD1000i

SecuriCDS DD1000i

High assurance data diode with integrated proxies

SecuriCDS DD1000i is a data diode appliance that
enables unidirectional data flow and physical network
separation using optical technology. The DD1000i has
built-in proxy software from Advenica enabling a variety
of use cases.

Unparalleled protection against cyber threats

Data diode solutions provide confidentiality and integrity for sensitive networks and systems, preventing any potential backflow of information or unauthorised access from the outside.

Common use cases include file transfer between networks with different classification, or data export from networks of critical infrastructure or Industrial Control Systems (ICS). The Advenica SecuriCDS DD1000i provides network separation using optical technology and has built-in support for all typical data diode applications in one appliance.

Streamlined integration

The use of a data diode often requires the interfacing systems to handle proxy functionality, needed for any application requiring bidirectional communication.

The SecuriCDS DD1000i comes with integrated proxy servers and can run all application specific data diode services available from Advenica.

Support for multiple use cases is provided in one 1U 19’’ appliance, reducing both system complexity and total cost of ownership.

Meeting the highest security demands

The SecuriCDS DD1000i meets the highest demands on both security and assurance. The unidirectional data flow is guaranteed by a separate hardware component isolated from the integrated proxies. Special attention has been given to eliminate the risk of covert channels in the reverse direction.

The SecuriCDS DD1000i is approved in Sweden for data transfer between networks of different security levels up to and including the level of HEMLIGT/KVALIFICERAT HEMLIGT i.e. SECRET/TOP SECRET. Non-public approvals available in other European countries.

Key features

  • Data diode with optical separation and proxy servers in one appliance.
  • Growing library of software services for multiple use cases such as file transfer and log export.
  • Intuitive administration and device management.
  • Failover support.
  • Fulfilment of internal and regulatory requirements.
  • National approvals

Technical brief

  • 1Gbps interfaces
  • Separated data and admin physical interfaces
  • Built-in heartbeat upstream to downstream
  • Monitoring through Syslog and SNMP
  • Built-in error correction
  • 1U in a 19’’ rack system

Technical data

Supported applications and protocols

The DD1000i supports a growing library of software services including:

  • Data transfer (UDP, TCP)
  • File transfer (SFTP, SMB, NFS)
  • Log export (Syslog)
  • Email transfer (SMTP)
  • Time export/import (NTP)

 

Performance

Network interface
Gbit Ethernet

Internal data diode capacity
1 Gbit (including error correction data)

Error correction
Built-in, configurable

 

Physical security

  • Tamper evident casing.
  • Removable storage media (tamper seal not affected).
  • Padlock support for covering administrative interfaces and removable storage media.
  • Inner enclosure to reduce compromising emanations.
  • Separate power inlets for Upstream and Downstream interfaces.

 

Administration and monitoring

  • Web interface for device administration.
  • Monitoring: Syslog and SNMP support.

 

Ports

Network data (Upstream + Downstream)
2x Gbit Ethernet (RJ45)

Administration (Upstream + Downstream)
2x Gbit Ethernet (RJ45), 2x VGA, 6x USB 2.0

 

Cooling

6x Built-in fans (redundant function)

Supported standards

Network data ports

  • IEEE 802.3u (100Base-TX), IEEE 802.3ab (1000Base-T)
  • Auto MDI/MDIX
  • Management protocols
  • HTTPS (Web GUI), Console port, SNMP

Compliance, test standards

  • CE, EN55024:2010 (A1:2015). EN61000-6- 3:2007 (A1:2011)
  • Swedish national approval – Component assurance level N3 according to KSF 3.1

 

Dimensions and Weight

Device Size
1U (43.4mm), 437 x 504 mm (WxD)

Device Weight
9 kg

 

Environmental characteristics

Storage
-20 – +60°C, 5% ~ 95% RH non-condensing IEC 60721-3-1 (1K3/1B1/1C2/1S2/1M2)

Transport
-20 – +60°C, 5% – 95% RH non-condensing IEC 60721-3-2 (2K2/2B1/2C1/2S1/2M2)

Stationary use
+5 – +40°C, 8% – 90% RH non-condensing IEC 60721-3-3 (3K3/3Z1/3B1/3C1/3S1/3M2)

 

Electrical characteristics

Input voltage
2x 100-240VAC, 50-60Hz (Separate power inlets for Upstream and Downstream interfaces)

Power consumption
2x 25W (Power supply rating 2x 200W)

Some security challenges where datadiodes are a good solution

Traceability and security logging

Centralised logging in security-sensitive systems involves an enhanced risk of attacks. To reduce the risks, a solution is needed that protects both log data and all connected systems. Read more about traceability and security logging.

Secure transfer of SCADA information

To transmit critical information, e.g. from a SCADA system to an administrative office network means potential security risks. But there are solutions that take care of security problems and at the same time enables an exchange of information. Read more about secure transfer of SCADA information.

Secure updates

Updates for Windows and Linux systems are an important part of maintaining the security of the digital information in these systems. However, the updates themselves may be a security risk – to avoid these risks and to maintain the integrity and availability of the systems and be able to make secure updates, special solutions are required. Read more about secure updates.

Certifications and approvals

Advenica solutions have been awarded several prestigious approvals by the European Union, national certification bodies and international IT security certification bodies. We also hold US patent for our VPN technology, Three Domain Separation.

Warranty

Advenica warrants that this product will be free from defects in material and workmanship for one (1) year from the date of purchase.