
5 things you can use a data diode for


Data diodes are best known for enabling secure one-way data transfer between networks, but they can be used in several ways. In this article, we highlight five lesser-known ways data diodes can be used to solve organisations’ security challenges.


Questions we cover in this article

What is a data diode?

A data diode is a cybersecurity solution that ensures unidirectional information exchange. This high assurance hardware device maintains both network integrity, by preventing intrusion, and network confidentiality, by protecting the most security-sensitive information.

How does a data diode work?

Data diodes are the failsafe way to protect sensitive systems and confidential data. Data diodes are small hardware devices, also called “unidirectional security gateways”, which sit between two networks. Working like a check valve, the function of a data diode is to allow all data to pass in the forward direction, while blocking all data in the reverse direction. The fiber-optic connection makes it physically impossible for data to travel in the opposite direction. And because it is not software, it cannot be compromised by malicious code, which is partly why data diodes are considered high assurance devices.


What is a data diode used for?

Many networks require extra protection against tampering and data leakage because they contain classified or sensitive information. They may therefore be isolated for security reasons. However, there may be times when information needs to be sent to or from such networks. In these cases, a data diode can be very useful.

If a data diode is directed out from the high security network towards a network with a lower security level, data can be transferred while the network stays protected. By transferring information via a data diode, you are guaranteed that no one can use the same connection in the opposite direction to reach the secure network and disrupt the availability or integrity of the systems.

A data diode can also be directed in towards the secure network. In these cases, it is most likely that you want to collect information of some kind from another network. The security issue, however, is how to collect the information and at the same time make sure that there is no leakage of sensitive data from your network through this channel. A data diode will ensure the confidentiality of the network by preventing any form of leakage from happening.


Five things you can use data diodes for

  1. Data diodes and IoT sensor networks
    If you have an IoT sensor network, you want to be able to protect your network from tampering, but still be able to export sensor data. If the sensors are manipulated, it can have major consequences as very critical information is often involved. It is also crucial that incorrect data is not sent. When the sensor data is exported, the data diode can ensure that the information can be extracted, but that the sensor network is protected against threats. In this case, the diode is connected so that only export of sensor data is possible.
  2. Data diodes and HTTP mirror
    An HTTP mirror is a way to mirror a website into a secure network in order to see the content securely. By using an HTTP mirror you do not have to download the information directly online, and thereby you can limit the possibilities for cyberattacks. A data diode ensures that the website can be mirrored/copied into the protected environment and ensures that no information can be leaked.
  3. Data diodes and traffic tapping
    By using a TAP (Test Access Point) or port mirroring (e.g. SPAN), where the traffic is copied to a mirror port on (usually) a switch, you can tap a duplicate of the traffic. This way you can monitor OT or ICS systems without security risks.

    It can also be of value to know if someone has been inside your system and to be able to see exactly what has happened – then you can use a so-called intrusion detection system. In this case, a data diode can be used to ensure that the intrusion detection system can only listen to the traffic, but not in any way affect the systems in OT/ICS.
  4. Data diodes and video streaming
    When streaming video, for example through a surveillance camera, a good security solution can be to let the multiple streams of information flow through a data diode. The purpose of the data diode will then be to protect the IT environment so that the connection between camera and network does not become an input for an attack.
  5. Data diodes and logging
    Data diodes can be a good solution when working with logging. The purpose of logging is to be able to see if something has gone wrong, and if so what, much like a black box in an airplane. When exporting log data from a device that you want to monitor, a data diode can ensure that the log information can only go in one direction, so that the log analysis system cannot affect the sensitive systems being monitored.
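
An added example, not Advenica's code or product protocol: because nothing can travel back through the diode, the sending side of a log export never receives an acknowledgement, so each frame here carries a sequence number and a CRC32, and the receiver records gaps instead of requesting a resend. The frame layout and all function names are assumptions made for illustration.

```python
import struct
import zlib

HEADER = struct.Struct("!IHI")  # assumed layout: sequence, payload length, CRC32


def encode_frame(seq: int, line: str) -> bytes:
    """Sender side: wrap one log line so it can be verified on its own."""
    payload = line.encode("utf-8")
    crc = zlib.crc32(struct.pack("!I", seq) + payload)
    return HEADER.pack(seq, len(payload), crc) + payload


def decode_frame(frame: bytes):
    """Receiver side: return (seq, line), or None if the frame is damaged."""
    if len(frame) < HEADER.size:
        return None
    seq, length, crc = HEADER.unpack_from(frame)
    payload = frame[HEADER.size:]
    ok = len(payload) == length and zlib.crc32(struct.pack("!I", seq) + payload) == crc
    return (seq, payload.decode("utf-8", errors="replace")) if ok else None


def receive(frames):
    """Collect valid lines; list sequence numbers that never arrived intact."""
    lines, missing, expected = [], [], 0
    for frame in frames:
        decoded = decode_frame(frame)
        if decoded is None:
            continue  # corrupted in transit; surfaces as a gap below
        seq, line = decoded
        if seq < expected:
            continue  # duplicate or reordered frame; ignored in this sketch
        missing.extend(range(expected, seq))  # no resend possible, so record it
        lines.append(line)
        expected = seq + 1
    return lines, missing


def demo():
    # Constructed sample log lines, not taken from any real system.
    log = ["boot ok", "login admin", "config changed", "login failed", "shutdown"]
    sent = [encode_frame(i, line) for i, line in enumerate(log)]
    del sent[1]                       # frame 1 is lost on the one-way link
    sent[2] = sent[2][:-1] + b"\x00"  # frame 3 arrives with a damaged last byte
    return receive(sent)
```

The list of missing sequence numbers tells the analyst exactly where the exported log is incomplete, which matters when the log is used as the "black box" record described above.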


FAQ

Who needs a data diode?

Organisations that handle sensitive information, such as those in defence, authorities, infrastructure, and industry.

What are the various types of data diodes?

Advenica offers a broad portfolio of data diodes including DD1000i, DD1000A, DD1G, DD500E, DDSFX-10G, Data Diode Engine and Data Diode Services.

How does a data diode work?

A data diode allows data to move in only one direction using optical fiber with a sender and receiver. This prevents two-way communication, stopping cyberattacks, data leakage, and manipulation. Because it is hardware-based, it cannot be compromised by malicious software, helping protect the network’s confidentiality and integrity.

How much does a data diode cost?

There are different types of data diodes with different functions, which also means that the costs can vary. Whether the data diode is certified can also affect the price.

Advenica’s data diodes have a unique certification, N3, in Sweden – Advenica are the only ones with this certification level in Sweden. N3 is a certification issued by the Swedish Armed Forces.

Advenica’s data diodes DD1000A and DD1000i are approved by the Swedish Armed Forces at component assurance level N3, which e.g. handles data up to and including level KVALIFICERAT HEMLIGT/TOP SECRET according to the Swedish Armed Forces’ “Krav på säkerhetsfunktioner” (KSF). So a higher cost for a data diode with a high certification will also give you much higher security.

Do you want to know more about our data diodes? Do not hesitate to contact us. We are at your service. 
