A solution often used to protect sensitive or classified information from leakage or manipulation is to disconnect it from other networks entirely. However, there are situations when data needs to be transferred to or from the protected network – for that, a data diode is a good solution. There are many benefits with using data diodes, so we have listed some of them. Read our blog post where we list 14 benefits with Advenica’s data diodes!
What is a data diode?
A data diode is a security product that is placed between two networks and acts as a non-return valve whose function only allows data to be sent in one direction while blocking all data in the opposite direction. Since the security properties of the data diode are based on hardware and optical fiber, it can be shown that it is physically impossible for data to be transported in the opposite direction.
Read more about how a data diode works!
Benefits with Advenica’s data diodes
There are many benefits with using data diodes – below, we have listed 14 of the benefits that Advenica’s data diodes have!
1. Meets the highest security requirements
Advenica’s data diodes meet the highest demands on both security and assurance. Internal separation of functions, multi-stage unidirectional security and deep security analysis provides trust and high assurance. Special attention has been given to eliminate the risk of covert channels in the reverse direction. Advenica’s data diodes DD1000A and DD1000i are also approved by the Swedish Armed Forces with component assurance level N3, according to Swedish national security requirements. Component assurance level N3 can be used in systems with high impact level (e.g. handling secret information up to SECRET/TOP SECRET) but where the component level of exposure is somewhat limited.
2. Different data diodes for different purposes
Advenica’s portfolio consists of data diodes of different types, ranging from small DIN mounted devices to 19” rack mounted devices. You can choose from having proxy computers integrated in the diode chassis or purchasing a simpler data diode device and deploying the proxy software in external proxy machines.
3. Made in Sweden
Advenica’s data diodes are designed, developed and manufactured in Sweden. By controlling every step from design to aftermarket, we can ensure confidence in our security features. This enables us to develop high-security products for critical data up to Top Secret classification.
4. Possibilities for customer alterations
Does the list of supported protocols not satisfy your needs? Tell us about your use case and let our Customer Solutions team develop specific features based on your needs. Everything from feature growth in the platform itself to support for additional protocols is possible.
5. Easy to administrate
Data diodes are easy to install and configure, and a simple standard use case can be deployed in a couple of hours. Monitoring is done using standard methods such as SNMP and Syslog that allows integration with all widely used network monitoring tools. Configuration changes are applied using a simple to use web application interface.
6. Defence-in-depth
Advenica’s DD1000i data diode is designed according to the principle of defence-in-depth where the proxies and the data diode act as different layers of security controls. The proxies block all communication not explicitly allowed and the data diode module blocks, with very high assurance, all information transfers in the forbidden, reverse direction.
7. No dead code
Advenica’s DD1000i contains no dead code. Configure and upload a custom configuration to the device based on the specific protocol support you need. There is no way to activate or change the supported protocols without uploading a new configuration to the device. Hardened OS – only the necessary packages to support normal operation are included in the firmware running on the device.
8. Unique certification – N3
Advenica’s data diodes have a unique certification for N3 in Sweden – we are the only ones with this certification level in Sweden. N3 is a certification issued by the Swedish Armed Forces. Data diode DD1000A and data diode DD1000i are approved by the Swedish Armed Forces with component assurance level N3, which e.g. handles data up to, and including, level HEMLIG/ SECRET, according to the Swedish Armed Forces’ Requirements for Security Functions (KSF).
9. Full galvanic separation
Data diodes DD1000A och DD1000i: Special attention has been given to eliminate the risk of covert channels in the reverse direction, resulting in functions like one PSU for each side of the data diode, and RFI/ EMI-reducing internal enclosures to minimise compromising emanations.
10. Separation of duties
Separation of duties is supported, different interfaces for data transfer and admin/log data.
11. Higher assurance
Data diodes offer an extremely high assurance level. You can actually say that a data diode corresponds to an air gap in the reverse direction. We have shown to an external evaluator that there are no currently known physical phenomenas that can be used to transmit information in the reverse direction.
Read more about how data diodes can be considered as an effective alternative to air gaps!
12. Redundant power supply
To ensure high availability, data diode DD1G supports redundant power supply. In our other data diodes, for assurance reasons, there is no electrical connection between the two sides, which makes redundant power supply difficult.
13. Minimise the risk of lost data
Data diode DD1000i has specially adapted software to minimise the risk of lost data between the sending and receiving proxy.
14. Products that live long
Data diodes DD1000A and DD1G are constructed with components that have a very long life and lack mechanically moving parts such as fans or processors. Once you have installed these data diodes, you do not need to do any updates. The MTBF for these products is 91,000 hours, i.e. just over 10 years.
Download our PDF listing these 14 benefits!
Does this sound interesting? Read more about Advenica’s data diodes!