SecuriCDS DD1000i
High assurance data diode with integrated proxies
SecuriCDS DD1000i is a data diode appliance that
enables unidirectional data flow and physical network
separation using optical technology. The DD1000i has
built-in proxy software from Advenica enabling a variety
of use cases.
Unparalleled protection against cyber threats
Data diode solutions provide confidentiality and integrity for sensitive networks and systems, preventing any potential backflow of information or unauthorised access from the outside.
Common use cases include file transfer between networks with different classification, or data export from networks of critical infrastructure or Industrial Control Systems (ICS). The Advenica SecuriCDS DD1000i provides network separation using optical technology and has built-in support for all typical data diode applications in one appliance.
Streamlined integration
The use of a data diode often requires the interfacing systems to handle proxy functionality, needed for any application requiring bidirectional communication.
The SecuriCDS DD1000i comes with integrated proxy servers and can run all application specific data diode services available from Advenica.
Support for multiple use cases is provided in one 1U 19’’ appliance, reducing both system complexity and total cost of ownership.
Meeting the highest security demands
The SecuriCDS DD1000i meets the highest demands on both security and assurance. The unidirectional data flow is guaranteed by a separate hardware component isolated from the integrated proxies. Special attention has been given to eliminate the risk of covert channels in the reverse direction.
The SecuriCDS DD1000i is approved in Sweden for data transfer between networks of different security levels up to and including the level of HEMLIGT/KVALIFICERAT HEMLIGT i.e. SECRET/TOP SECRET. Non-public approvals available in other European countries.
Key features
- Data diode with optical separation and proxy servers in one appliance.
- Growing library of software services for multiple use cases such as file transfer and log export.
- Intuitive administration and device management.
- Failover support.
- Fulfilment of internal and regulatory requirements.
- National approvals
Technical brief
- 1Gbps interfaces
- Separated data and admin physical interfaces
- Built-in heartbeat upstream to downstream
- Monitoring through Syslog and SNMP
- Built-in error correction
- 1U in a 19’’ rack system
Technical data
Supported applications and protocols
The DD1000i supports a growing library of software services including:
- Data transfer (UDP, TCP)
- File transfer (SFTP, SMB, NFS)
- Log export (Syslog)
- Email transfer (SMTP)
- Time export/import (NTP)
Performance
Network interface
Gbit Ethernet
Internal data diode capacity
1 Gbit (including error correction data)
Error correction
Built-in, configurable
Physical security
- Tamper evident casing.
- Removable storage media (tamper seal not affected).
- Padlock support for covering administrative interfaces and removable storage media.
- Inner enclosure to reduce compromising emanations.
- Separate power inlets for Upstream and Downstream interfaces.
Administration and monitoring
- Web interface for device administration.
- Monitoring: Syslog and SNMP support.
Ports
Network data (Upstream + Downstream)
2x Gbit Ethernet (RJ45)
Administration (Upstream + Downstream)
2x Gbit Ethernet (RJ45), 2x VGA, 6x USB 2.0
Cooling
6x Built-in fans (redundant function)
Supported standards
Network data ports
- IEEE 802.3u (100Base-TX), IEEE 802.3ab (1000Base-T)
- Auto MDI/MDIX
- Management protocols
- HTTPS (Web GUI), Console port, SNMP
Compliance, test standards
- CE, EN55024:2010 (A1:2015). EN61000-6- 3:2007 (A1:2011)
- Swedish national approval – Component assurance level N3 according to KSF 3.1
Dimensions and Weight
Device Size
1U (43.4mm), 437 x 504 mm (WxD)
Device Weight
9 kg
Environmental characteristics
Storage
-20 – +60°C, 5% ~ 95% RH non-condensing IEC 60721-3-1 (1K3/1B1/1C2/1S2/1M2)
Transport
-20 – +60°C, 5% – 95% RH non-condensing IEC 60721-3-2 (2K2/2B1/2C1/2S1/2M2)
Stationary use
+5 – +40°C, 8% – 90% RH non-condensing IEC 60721-3-3 (3K3/3Z1/3B1/3C1/3S1/3M2)
Electrical characteristics
Input voltage
2x 100-240VAC, 50-60Hz (Separate power inlets for Upstream and Downstream interfaces)
Power consumption
2x 25W (Power supply rating 2x 200W)
Some security challenges where datadiodes are a good solution
Traceability and security logging
Centralised logging in security-sensitive systems involves an enhanced risk of attacks. To reduce the risks, a solution is needed that protects both log data and all connected systems. Read more about traceability and security logging.
Secure transfer of SCADA information
To transmit critical information, e.g. from a SCADA system to an administrative office network means potential security risks. But there are solutions that take care of security problems and at the same time enables an exchange of information. Read more about secure transfer of SCADA information.
Secure updates
Updates for Windows and Linux systems are an important part of maintaining the security of the digital information in these systems. However, the updates themselves may be a security risk – to avoid these risks and to maintain the integrity and availability of the systems and be able to make secure updates, special solutions are required. Read more about secure updates.