In this 'Spotlight' we take a look at our range of Data Security Diodes from Canary.
Reflecting Lanode's capability in developing secure systems, we offer a range of Uni-Directional Data Security Diodes. These network devices ensure data can only travel in one direction and are commonly used to provide connections between networks of differing security classifications.
Our Uni-Directional, Single-Point, Data Security Diodes are used in environments where two-way communications introduces the risk that high-value servers and their sensitive data could be subject to purposeful, malicious attack or inadvertent corruption. The resulting loss of critical data, denial-of-service, or its non-availability, can be fatal to mission-critical activities. Uni-Directional Data Security Diodes provide additional data loss protection in the event that malware or hidden executables escape detection and penetrate commonly used network defenses. Our Uni-Directional Data Security Diodes forward information originating from an un-secured open source to a restricted High-Security destination. They simultaneously partition the data path to stop all return-path transmissions and completely block the reverse transmission of sensitive information. You can also position our Uni-Directional Data Security Diodes to selectively forward authorized data originating from a secured, trusted source to weakly protected, insecure destinations. It also blocks the return path to shield the secure source from hidden viruses, Trojans, malicious instructions or other intrusion attempts. This prevents the exposure of critical data, its non-availability and its possible loss or corruption.
For Single-Point Single Locations the options available are as follows:
- CT-20SD & GT-10SD UTP to UTP Single Point
- CF-21SD & GF-55SD Fibre to Fibre Single Point
- CF-21USD & GF-55USD Fibre to UTP Single Point
Plug-and-Go UTP Connections: You can configure your application to run via UDP and connect the Security Diode “Data-In” port to the un-secure device port; then simply connect the Security Diode “Data-Out” port to the Secure Domain Host for protected, one-way data transmission.
Flexible, Secure Network/Host Configurations:
Low to High: Forward information to a Higher Security environment while blocking the un-authorized release of sensitive data in the reverse direction;
High to Low: Restrict authorized user access. Maintain System and Data Security, Integrity and Availability while allowing the limited export of selective information to lower security-level destinations.
Hard-wired Immunity from External Software threats:
The Data Security Diodes execute their key functions in hardware. With tamper-resistant cases, there is no vulnerable software, firmware, memory or buffers that can be exploited to attack and surreptitiously alter or disable Uni-directional operation. Using UDP or similar protocol over a point-to-point link eliminates the need for normal transmission acknowledgements. Control physical access to your Canary Data Security Diodes and their cable connections to thwart unauthorized access and safely deliver critical data where needed – Easy, Secure, Information Availability!
Our Uni-Directional Multi-Point Dual Location Data Security Diodes are one more defense layer against a broad range of internal/insider or external cyber threats that can escape common security applications – to reveal and corrupt sensitive data or make other mission-critical information services nonavailable. Protect secure servers and sensitive data from compromise by placing our Uni-Directional Data Security Diodes in environments where un-restricted two-way, bi-directional communications expose secure servers and their sensitive data to penetration and malicious attack.
Application 1: Data Security Diodes copy/forward information originating from a single un-secured open source to a pair of restricted, High-Security destinations using two Fibre Optic links. Some with dual input/output channels, forward information
originating from two un-secured open sources, to a pair of restricted, High-Security Host destinations using two Fibre-optic links.They simultaneously partition each data path to completely block sensitive data from being transmitted in the reverse direction.
Application 2: Canary Data Security Diodes are positioned to allow duplicated/parallel transmission of authorized Data originating from a single restricted, High-Security source, to a pair of unprotected, insecure destinations, or selectively forward over a partitioned Fibre link.
Partitioned data paths shield Secure Sources from hidden viruses, Trojans, malicious programs or other intrusion attempts, preventing the unintended corruption, release or exposure of sensitive information, or its loss and non-availability. Local Diode/Host UTP connections are nominally full duplex. However, bi-directional full duplex traffic is never transmitted between linked Data Diodes. Data handling functions including IP acknowledgements, Flow-Control and error correction are completely disabled and no internal or external means are available to restore inter-Diode bi-directional capability.
For Multi-Point Dual Locations the options available are as follows:
- CT-20RD or GT-55RD transmit-only Data Security Diodes that forward the traffic to remote, receive-only CT-20TR or GT-55TR Diodes.
- CT-20TD or GT-55TD transmit-only Data Security Diodes that forward the traffic to remote, receive-only CT-20TR or GT-55TR Diodes.
- CT-20PD or GT-55PD transmit-only Data Security Diode that copies one side of their TCP/IP conversation to a remote CT-20R or GT-55R receive-only Diode.
- CF-21TD or GF-55TD transmit-only Data Security Diodes that forward the traffic to remote, receive-only CF-21TR or GF-55TR Diodes.
- Copy one-side of TCP/IP Traffic over Fibre by connecting a pair of un-secure Source & Proxy devices to a CF-21PD or GF-55PD transmit-only Data Security Diode that copies one side of their TCP/IP conversation to a remote CF-21R or GF-55R receive-only Diode.
- Connect a pair of un-secure Source & Proxy devices to a CF-21UPD or GF-55UPD transmit-only Data Security Diode that copies one side of their TCP/IP conversation to a remote CF-21R or GF-55R receive-only Diode.
- Configure your applications to run via UDP. Connect (2) un-secure devices to CF-21UTD or GF-55UTD transmit-only Data Security Diodes that forward the traffic to remote, receive-only CF-21UTR or GF-55UTR Diodes.