Data diodes are known to be simple products that make a big difference by being able to guarantee secure one-way communication. But did you know that there are different types of data diodes? In this blog post, we will discuss the different data diodes that Advenica offers and how these can be used with or without software.
What is a data diode?
Data diodes are the fail-safe way to protect sensitive systems and confidential data. A data diode is a security product that is placed between two networks and acts as a non-return valve whose function only allows data to be sent in one direction while blocking all data in the opposite direction. Since the security properties of the data diode are based on hardware and optical fiber, it can be shown that it is physically impossible for data to be transported in the opposite direction. Because security is not based on software, there are no vulnerabilities in the form of software bugs, nor can it be attacked by malicious code. Hardware-based security means that you can show that data diodes have high assurance.
Advenica’s data diodes
Advenica has data diodes in different formats and with different functions depending on needs, budget and use cases. Some use cases work without special software, and then a simpler data diode fits well. If you have a limited budget, you can choose such a simple data diode and add the software yourself, or alternatively buy ready-made software that runs on a suitable platform. If, on the other hand, you want an integrated solution with everything in one package, you can choose a slightly more expensive data diode with built-in software for all the most common use cases.
Data diodes without software – DD1G and DD1000A
Separation of networks often depends on the configuration of a security device, e.g. firewall rules. Human error in that configuration affects security, which makes it very difficult to give assurance for an implementation. Some data diodes, such as Advenica’s data diode DD1000A, are hardware only and have no software installed. They use optical separation to guarantee the unidirectional security function. There is no configuration to do and therefore the device cannot be misconfigured – the one-way security function is always ensured.
Advenica’s data diodes are easy to install and operate, because they are so simple. You can choose between rack mounting and mounting on a DIN rail. A data diode without software can, for example, be used to send out log events from a secure network to a SIEM system or to stream video between two different security domains. Advenica has two data diodes of this kind, called DD1G and DD1000A. The difference between them is that the DD1G has a slightly smaller form factor and is suitable for installation on a DIN rail, while the DD1000A is slightly larger and is well suited for rack mounting. The DD1G has redundant power supplies that can supply both sides of the diode. The DD1000A has a separate power supply for the highest level of safety and also has an N3 approval from the Swedish Armed Forces.
Data diodes can be combined with external software
For more complicated use cases, for example file transfer or email, software is needed in the form of proxies that convert the two-way protocols into one-way data streams. Here you can choose whether you want to develop these yourself or buy them from a supplier. Advenica has proxy software for a large number of protocols and use cases that can run either on bare metal or in virtual servers. The advantage of buying proxies from a supplier is that you get a stable and professionally developed product with ongoing updates and support when needed. If, on the other hand, you have access to the right software skills and prefer to make your own software, it can be an advantage to choose that option because you get full control and can modify its function exactly when and how you want. Just keep in mind that you have to take responsibility for the software yourself throughout its life cycle and that over time this can become costly.
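What a self-developed proxy pair has to solve once the return path is gone, as an added example that is not Advenica's proxy software: the sending side cannot receive an ACK or a resend request, so it repeats every frame, and the receiving side verifies each frame and the whole transfer and rejects anything incomplete. The frame layout, the repeat count and the function names are assumptions made for this sketch.

```python
import hashlib
import struct
import zlib

# Hypothetical frame header: sequence number, total frames, CRC32 and length of payload.
HDR = struct.Struct("!IIIH")

def make_frames(data: bytes, chunk: int = 8, repeat: int = 2):
    """Sending proxy: frame the data and repeat each frame, since no ACK/NAK can return."""
    parts = [data[i:i + chunk] for i in range(0, len(data), chunk)] or [b""]
    # The last frame carries the SHA-256 of the whole payload as an end-to-end check.
    parts.append(hashlib.sha256(data).digest())
    frames = []
    for seq, p in enumerate(parts):
        frames += [HDR.pack(seq, len(parts), zlib.crc32(p), len(p)) + p] * repeat
    return frames

def receive(frames):
    """Receiving proxy: return (data, None) on success or (None, reason) on failure."""
    got, total = {}, None
    for f in frames:
        if len(f) < HDR.size:
            continue                      # runt frame
        seq, tot, crc, n = HDR.unpack_from(f)
        p = f[HDR.size:HDR.size + n]
        if len(p) != n or zlib.crc32(p) != crc or seq >= tot:
            continue                      # damaged frame: drop it, a repeat may be intact
        total = tot
        got.setdefault(seq, p)            # extra copies from repetition are ignored
    if total is None:
        return None, "no valid frames"
    missing = [s for s in range(total) if s not in got]
    if missing:
        return None, f"missing frames {missing}"   # no resend possible: reject the transfer
    data = b"".join(got[s] for s in range(total - 1))
    if hashlib.sha256(data).digest() != got[total - 1]:
        return None, "digest mismatch"
    return data, None

if __name__ == "__main__":
    sample = b"constructed sample log export"      # constructed input
    sent = make_frames(sample)
    print(receive(sent[::2]))                      # one copy of each frame lost
    print(receive(sent[:2] + sent[4:]))            # both copies of frame 1 lost
```

Raising `repeat` trades bandwidth for tolerance to loss; a transfer that still arrives incomplete has to be resent by the source on its own schedule, because the destination has no way to ask.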
Data diode with internal proxies – DD1000i
Advenica’s data diode DD1000i has built-in proxies with associated software, so you get everything in a single 19-inch chassis. Advenica takes full responsibility for both hardware and software, and you receive ongoing functional and security-related upgrades. Should the existing protocol support not meet the needs, Advenica offers the possibility to tailor proxy software for specific needs. Advenica’s DD1000i is adapted for rack mounting, has a separate power supply for both sides of the data diode, and an N3 approval from the Swedish Armed Forces.
By combining data diodes with external proxies, or alternatively by choosing a solution with built-in proxies, you can adapt your data diode solution to the desired security level, function, and budget. Some typical use cases are:
- Media streaming or CCTV monitoring.
- Sensor output from ICS/SCADA network to IT network.
- File export or import, e.g. data storage replication or software updates.
- Secure log collection to administration or audit networks.
- Sensor input from lower classified network to higher classified network.
Do you want to know more about which data diode can be suitable for you? Do not hesitate to contact us!
Interested in our data diodes? You can find them all here!