
What is a cross domain solution?


Cross Domain Solutions enable strictly controlled and filtered information exchange between domains with different security or protection needs. But there are different kinds of Cross Domain Solutions – unidirectional and bidirectional.



What is a Cross-Domain Solution?

Cross Domain Solutions (CDS) address the concept of communicating, sharing, or moving information between domains and apply validation, transformation and filtering to the exchange. The purpose is to apply strict information-level control to information transfers, while highly assured security addresses cybersecurity threats such as manipulation, data leakage and intrusion.

How does a Cross Domain Solution work?

Cross Domain Solutions include three types of information exchange principles:

  • Bidirectional, to tailor information exchange.

  • Unidirectional, to ensure the integrity or confidentiality of domains.

  • Airgap between systems, using manual transfer and control of the information.


Bidirectional information exchange

Bidirectional gateways allow for a strictly controlled two-way filtered information flow. They use filters in both directions, and information is always controlled using full message inspection. The filter can allow information to pass depending on several factors, e.g. source/destination addresses, file formats, attributes or the presence of a digital signature.
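The filtering factors listed above can be sketched as a default-deny check with a separate policy for each direction. This is an added example, not code from any gateway product; the host names, keys and size limit are constructed, and an HMAC stands in for the digital signature so the sketch needs only the Python standard library.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    source: str
    destination: str
    declared_format: str
    payload: bytes
    signature: bytes = b""

@dataclass(frozen=True)
class Policy:              # one policy per direction of flow
    routes: frozenset      # allowed (source, destination) pairs
    magic: dict            # allowed format -> required leading bytes
    max_size: int
    key: bytes             # HMAC key; HMAC stands in for a digital signature

def mac(key: bytes, m: Message) -> bytes:
    """Authenticate addresses, format and payload together (length-prefixed)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in (m.source.encode(), m.destination.encode(),
                 m.declared_format.encode(), m.payload):
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def inspect(policy: Policy, m: Message) -> tuple[bool, str]:
    """Default deny: the message passes only if every check succeeds."""
    if (m.source, m.destination) not in policy.routes:
        return False, "route not allowed"
    if len(m.payload) > policy.max_size:
        return False, "payload too large"
    required = policy.magic.get(m.declared_format)
    if required is None:
        return False, "format not allowed"
    if not m.payload.startswith(required):
        return False, "content does not match declared format"
    if not hmac.compare_digest(mac(policy.key, m), m.signature):
        return False, "signature invalid"
    return True, "ok"

# Constructed policies: each direction has its own filter and key.
OFFICE_TO_OT = Policy(frozenset({("office-files", "ot-patch")}),
                      {"pdf": b"%PDF-"}, 1_000_000, b"constructed-key-a")
OT_TO_OFFICE = Policy(frozenset({("ot-historian", "office-reports")}),
                      {"png": b"\x89PNG\r\n\x1a\n"}, 1_000_000, b"constructed-key-b")

def signed(policy: Policy, m: Message) -> Message:
    """Return a copy of m carrying a valid signature for this policy's key."""
    return Message(m.source, m.destination, m.declared_format, m.payload,
                   mac(policy.key, m))
```

A message that is valid in one direction is rejected by the other direction's policy, and a payload whose leading bytes do not match its declared format is rejected even when it is correctly signed.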

Unidirectional information exchange

For unidirectional information exchange, a data diode can be used. Guaranteeing a unidirectional flow of information means sensitive information can be transferred without jeopardising the integrity or the confidentiality of the network, depending on how the data diode is used. Another benefit lies in the technology of a data diode. Being hardware and not software based means it cannot be attacked by malicious code and intrusion is thereby prevented. A data diode allows you to transfer the data without putting the security of the network at risk.

Should we use a security gateway or firewall?

With a firewall, it is difficult to know exactly what information enters or leaves a system. Organisations handling sensitive data, especially in infrastructure, authorities, industry or defence require higher security. Therefore, additional solutions such as a high-assurance Security Gateway are needed.

A Security Gateway can be compared to a firewall as it regulates what traffic can enter and exit a network. To explain the difference between a Security Gateway and a firewall, picture an airport. The firewall would be the check-in desk where a simple check is performed, such as identity and ticket control. The Security Gateway would be the security control where you are scrutinised more closely: your bags are looked through, you go through a body search, and so on.

For some types of businesses, a firewall is simply not enough.
- Cybersecurity Engineer


A firewall is a device whose purpose is to protect your network by blocking only known bad traffic from entering or exiting. It monitors packets and blocks them based on its configuration.


What is a data diode?


Data diodes are hardware devices, also called “unidirectional security gateways”, which sit between two networks. Working like a check valve, the function of a data diode is to allow all data to pass in the forward direction, while blocking all data in the reverse direction.

The built-in fiber optical connection and the fact that the internal receiver cannot transmit information makes it physically impossible for data to travel in the opposite direction. And as it is not software, it cannot be directly attacked by malicious code, which results in high assurance.

Some common use cases for data diodes:

  • Import and export files between different zones.

  • Connect an integrity-sensitive OT system to other systems.

  • Centralised log collection in security-sensitive systems.

  • Transfer critical information, e.g. from a SCADA system to an administrative office network.

  • Windows and Linux system updates.


FAQ

Who needs a data diode?

Organisations that handle sensitive information, such as those in defence, authorities, infrastructure, and industry.

What are the various types of data diodes?

Advenica offers a broad portfolio of data diodes including DD1000i, DD1000A, DD1G, DD500E, DDSFX-10G, Data Diode Engine and Data Diode Services.

How does a data diode work?

A data diode allows data to move in only one direction using optical fiber with a sender and receiver. This prevents two-way communication, stopping cyberattacks, data leakage, and manipulation. Because it is hardware-based, it cannot be compromised by malicious software, helping protect the network’s confidentiality and integrity.

What is the difference between bidirectional and unidirectional information exchange?

Bidirectional information exchange allows data to flow both ways between two networks, while unidirectional exchange lets data flow only in one direction, preventing any return traffic.

The purpose of a bidirectional exchange is to enable secure two-way communication between networks, allowing data to be sent and received while maintaining security controls. The purpose of a unidirectional exchange is to protect sensitive or high-security networks by letting data leave the network without allowing any data or potential threats to return.
