You might know that data diodes are network devices for one-way communication that connect two security domains or networks of the same or different security levels. But do you know which solutions data diodes can be used for? Here are five things you can use a data diode for!
What is a data diode?
A data diode is a cybersecurity solution that ensures unidirectional information exchange. This high assurance hardware device maintains both network integrity, by preventing intrusion, and network confidentiality, by protecting the most security-sensitive information.
How does a data diode work?
Data diodes are the failsafe way to protect sensitive systems and confidential data. Data diodes are small hardware devices, also called "unidirectional security gateways", which sit between two networks. Working like a check valve, a data diode allows all data to pass in the forward direction while blocking all data in the reverse direction. The fiber-optic connection makes it physically impossible for data to travel in the opposite direction. And as it is not software, it cannot be compromised by malicious code, which is partly why data diodes are considered high assurance devices.
What is a data diode used for?
Many networks require extra protection against tampering and data leakage because they contain classified or sensitive information. They may therefore be isolated for security reasons. However, there may be times when information needs to be sent to or from such networks. In these cases, a data diode can be very useful.
If a data diode is directed out from the high security network towards a network with a lower security level, data can be transferred while the network stays protected. By transferring information via a data diode, you are guaranteed that no one can use the same connection in the opposite direction to reach the secure network and disrupt the availability or integrity of the systems.
A data diode can also be directed in towards the secure network. In these cases, it is most likely that you want to collect information of some kind from another network. The security issue, however, is how to collect the information and at the same time make sure that there is no leakage of sensitive data from your network through this channel. A data diode will ensure the confidentiality of the network by preventing any form of leakage from happening.
Five things you can use data diodes for
There are more ways to use a data diode than you might think. You can use them for countless solutions, but here are five ways you may not have known about!
1. Data diodes and IoT sensor networks
If you have an IoT sensor network, you want to be able to protect your network from tampering, but still be able to export sensor data. If the sensors are manipulated, it can have major consequences as very critical information is often involved. It is also crucial that incorrect data is not sent. When the sensor data is exported, the data diode can ensure that the information can be extracted, but that the sensor network is protected against threats. In this case, the diode is connected so that only export of sensor data is possible.
2. Data diodes and HTTP mirror
An HTTP mirror is a way to mirror a website into a secure network in order to see the content securely. By using an HTTP mirror you do not have to download the information directly online, and thereby you can limit the possibilities for cyberattacks. A data diode ensures that the website can be mirrored/copied into the protected environment and ensures that no information can be leaked.
3. Data diodes and traffic tapping
By using a TAP (Test Access Point) or port mirroring (e.g. SPAN), where a copy of the traffic is sent to a mirror port on (usually) a switch, you can tap a duplicate of the traffic. This way you can monitor OT or ICS systems without security risks.
It can also be of value to know if someone has been inside your system and to be able to see exactly what has happened – then you can use a so-called intrusion detection system. In this case, a data diode can be used to ensure that the intrusion detection system can only listen to the traffic, but not in any way affect the systems in OT/ICS.
4. Data diodes and video streaming
When streaming video, for example from a surveillance camera, a good security solution can be to let the multiple streams of information flow through a data diode. The purpose of the data diode is then to protect the IT environment so that the connection between camera and network does not become an entry point for an attack.
5. Data diodes and logging
Data diodes can be a good solution when working with logging. The purpose of logging is to be able to see if something has gone wrong, and if so what, much like a black box in an airplane. When exporting log data from a device that you want to monitor, a data diode can ensure that the log information can only go in one direction, so that the log analysis system cannot affect the sensitive systems being monitored.
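An added example (not code from the original article or from Advenica): because a data diode blocks the reverse direction, the log receiver cannot acknowledge records or ask for a resend, so the sender can number and checksum each record and the receiver can at least detect what was lost or damaged. The frame layout, all names and the sample log lines are assumptions made for this illustration.

```python
import struct
import zlib

# Assumed frame layout: magic, sequence number, payload length, CRC32, then payload.
HEADER = struct.Struct("!4sIHI")
MAGIC = b"DLOG"

def encode_frame(seq: int, payload: bytes) -> bytes:
    """Sender (monitored network): wrap one log record for one-way transfer."""
    crc = zlib.crc32(struct.pack("!I", seq) + payload)
    return HEADER.pack(MAGIC, seq, len(payload), crc) + payload

def decode_frame(frame: bytes):
    """Receiver: return (seq, payload), or None if the frame is damaged."""
    if len(frame) < HEADER.size:
        return None
    magic, seq, length, crc = HEADER.unpack_from(frame)
    payload = frame[HEADER.size:]
    if magic != MAGIC or length != len(payload):
        return None
    # CRC32 catches transmission damage only; it is not tamper protection.
    if zlib.crc32(struct.pack("!I", seq) + payload) != crc:
        return None
    return seq, payload

class OneWayReceiver:
    """Log analysis side: records gaps, since it cannot request a resend."""
    def __init__(self):
        self.expected, self.rejected = 0, 0
        self.records, self.missing = [], []

    def feed(self, frame: bytes) -> None:
        decoded = decode_frame(frame)
        if decoded is None:
            self.rejected += 1          # damaged frame, count and drop it
            return
        seq, payload = decoded
        if seq < self.expected:
            return                      # duplicate or late frame, ignored here
        self.missing.extend(range(self.expected, seq))
        self.expected = seq + 1
        self.records.append((seq, payload.decode("utf-8", "replace")))

def demo() -> OneWayReceiver:
    # Constructed sample log lines, not taken from any real system.
    logs = [f"2024-01-01T00:00:0{i}Z plc1 event={i}".encode() for i in range(5)]
    frames = [encode_frame(i, line) for i, line in enumerate(logs)]
    del frames[1]                                              # frame 1 lost in transit
    frames[2] = frames[2][:-1] + bytes([frames[2][-1] ^ 0xFF])  # frame 3 corrupted
    rx = OneWayReceiver()
    for frame in frames:
        rx.feed(frame)
    return rx
```

In this run the receiver keeps records 0, 2 and 4, rejects one damaged frame, and reports sequence numbers 1 and 3 as missing, which an operator can then follow up on the monitored side.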
Do you want to know more ways you can use a data diode? Read our Use Case about how you can protect information in critical infrastructure!
In our customer case you can learn more about Advenica’s data diodes and how they can be used to protect SCADA systems!