SecuriCDS DD1000A
Unidirectional protection for Ethernet layer 2
SecuriCDS DD1000A is a data diode with optical unidirectional data flow to ensure physical separation in one direction. DD1000A offers high performance in a small stand-alone package mountable in a single 1U 19” rack system.
Unidirectional data flow
The SecuriCDS DD1000A takes data protection to a higher level, offering a powerful solution for efficient, risk-free and assured single direction data transfer between security domains. Advenica’s DD1000A provides confidentiality for classified networks and systems and integrity for Industrial Control Systems (ICS). Typical use cases include:
• Data transfer from ICS/SCADA networks to IT networks
• File transfer for data storage replication or software updates
• Secure log collection to administrative or audit network
• IoT data transfer from sensor networks to classified networks
Ethernet layer 2 and full Gigabit Ethernet wire speed
The SecuriCDS DD1000A works on Ethernet Layer 2. All network data on the upstream network will be automatically transferred to the downstream network regardless of overlaying network protocol. The data diode postulates unidirectional network protocols, e.g. UDP, to function correctly in a system.
The data diode offers full Gigabit data throughput in a small package. DD1000A can be used as a tabletop device or mounted as a half-width 19” rack system device. Two SecuriCDS DD1000A devices can be mounted next to each other in a 19’’ rack still with a height of 1U.
Hardware only security
Separation of networks often relies on the configuration of a security device, e.g. firewall rules. Human mistakes will affect the security and the assurance of an implementation is very hard to guarantee. The SecuriCDS DD1000A is designed in hardware only and has no software installed. It uses optical separation internally to guarantee the unidirectional security function. There is no configuration to be made and therefore the device cannot be misconfigured, the unidirectional security function is always assured.
Advantages
- Optical high assurance separation
- Physical upstream separation
- Enables digitalisation without compromising security
- Fulfilment of internal and regulatory requirements
- National approvals
- No configuration needed
Approvals
SecuriCDS DD1000A is approved in Sweden for data transfer between networks of different security levels up to and including the level of HEMLIG/TOP SECRET.
Technical data
Supported protocols
Unidirectional protocols, e.g. UDP, RTP, Syslog
Performance
Network interface
Gbit Ethernet
Data throughput
Gbit wire speed
Ports
Network data (Upstream + Downstream)
2x Gbit Ethernet (RJ45)
Supported standards
Network data ports
IEEE 802.3ab,1000Base-T, Auto MDI/MDIX
Compliance, test standards
- CE, EN55024:2010 (A1:2015). EN61000-6-3:2007 (A1:2011)
- Swedish national approval – Component assurance level N3
Dimensions and Weight
Device Size
216×43.4×167 mm (WxHxD)
Device Weight
2,2 kg
Physical security
- Tamper evident casing
- Inner enclosure to reduce compromising emanations
Environmental characteristics
Storage
-20 – +60°C, 5% – 95% RH non-condensing IEC 60721-3-1 (1K3/1B1/1C2/1S2/1M2)
Transport
-20 – +60°C, 5% – 95% RH non-condensing IEC 60721-3-2 (2K2/2B1/2C1/2S1/2M2)
Stationary use
0 – +50°C, 20% – 90% RH non-condensing IEC 60721-3-3 (3K3/3Z1/3B1/3C1/3S1/3M2)
Electrical characteristics
Input voltage
1x or 2x 12VDC (Separate power inlets for upstream and downstream interfaces, power bridge cable included)
Power consumption
5W
External power supply (included)
1x 90-260VAC / 12VDC (Power supply rating 15W)
Depending on your requirements, one or two power supplies may be used to power DD1000A.
Dimensions and Weight
Device Size
216×43.4×167 mm (WxHxD)
Device Weight
2,2 kg
Some security challenges where datadiodes are a good solution
Traceability and security logging
Centralised logging in security-sensitive systems involves an enhanced risk of attacks. To reduce the risks, a solution is needed that protects both log data and all connected systems. Read more about traceability and security logging.
Secure transfer of SCADA information
To transmit critical information, e.g. from a SCADA system to an administrative office network means potential security risks. But there are solutions that take care of security problems and at the same time enables an exchange of information. Read more about secure transfer of SCADA information.
Secure updates
Updates for Windows and Linux systems are an important part of maintaining the security of the digital information in these systems. However, the updates themselves may be a security risk – to avoid these risks and to maintain the integrity and availability of the systems and be able to make secure updates, special solutions are required. Read more about secure updates.