In this 'Viewpoint' we take a look at the world of Data Diodes, often referred to as Uni-directional Diodes, unidirectional networks or unidirectional security gateways. For those unfamiliar with the term, a data diode is a network appliance or device that allows data to travel in one direction only, and is used to guarantee information security. They are most commonly found in high security environments such as defence, where they serve as connections between two or more networks of differing security classifications. This technology can now also be found at the industrial control level, in facilities such as nuclear power plants and electricity generation.
The need to isolate networks to prevent the accidental leakage of data is critical for many businesses. However, this security measure needs to be balanced with the ability to monitor all networks and keep them updated with the latest operating system, application and anti-malware updates.
Data Diodes guarantee that data is only permitted to flow in a single direction, thereby enabling secure data transfer to isolated networks. Data diodes can be used as part of a solution to allow updates and monitoring, and to provide support for application traffic, file transfers and database replication. Let's start by defining the benefits and limitations.
Benefits and limitations
The physical nature of unidirectional networks only allows data to pass from one side (referred to as the "low" side) of a network connection to another (referred to as the "high" side), and not the other way around. The benefits for the users of the high side network are that their data is kept confidential while they have access to data from the low side.
Such functionality can be attractive if sensitive data is stored on a network which requires connectivity with the Internet. Traditionally that data would be vulnerable to intrusions from the Internet. With a unidirectional network separating a high side holding the sensitive data from a low side with Internet connectivity, however, one can achieve the best of both worlds. This holds true even if both the low and the high network are compromised, because the security guarantee is physical in nature.
The controlled interface that comprises the send and receive elements of a unidirectional network acts as a one-way "communications protocol break" between the two bidirectional network domains it connects. This does not preclude using a unidirectional network to carry protocols such as TCP/IP that require two-way communication (including acknowledgements) between sender and receiver. By employing TCP/IP client-server proxies before and after the one-way transfer, data carried as TCP packet flows can gain the security value of unidirectional transfer: the sending proxy terminates the connection on the low side, and the receiving proxy re-establishes it on the high side.
It is true that the primary unidirectional network path cannot be used as a "backwards" path to acknowledge receipt of data by the ultimate destination. However, a scheme for such receipt acknowledgement exists, and this mechanism ensures that the original sender of the data is notified of successful receipt (or of any number of alternative conditions). The primary unidirectional path and the networks it connects are not compromised by it.
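The proxy arrangement described above, as an added example that is not from the page or any vendor product: a Python model in which the sending proxy terminates the bidirectional side, frames the stream into numbered datagrams with an integrity digest, and repeats each frame because the receiver can never ask for a retransmission, while the receiving proxy reassembles the stream and reports any gaps. The frame layout, repeat count and lossy-channel simulation are all constructed for this illustration.

```python
"""Added illustration: a one-way transfer through a protocol break.
Frame layout, REPEAT count and the loss model are constructed for this demo."""
import hashlib
import random
import struct

CHUNK = 8            # payload bytes per frame (tiny, so the demo produces many frames)
REPEAT = 3           # send every frame this many times: no NACK can ever come back
HDR = struct.Struct("!IIH")   # seq number, total frames, payload length

def frame_stream(data: bytes) -> list[bytes]:
    """Sending proxy: split the byte stream into numbered, SHA-256 protected frames."""
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)] or [b""]
    frames = []
    for seq, payload in enumerate(chunks):
        hdr = HDR.pack(seq, len(chunks), len(payload))
        frames.append(hdr + payload + hashlib.sha256(payload).digest())
    return [f for f in frames for _ in range(REPEAT)]   # redundancy replaces ACKs

def one_way_channel(frames, loss=0.2, seed=1):
    """Constructed lossy, reordering diode: frames may vanish, nothing travels back."""
    rng = random.Random(seed)
    survivors = [f for f in frames if rng.random() >= loss]
    rng.shuffle(survivors)
    return survivors

def reassemble(frames):
    """Receiving proxy: verify each frame, drop duplicates, list sequence numbers never seen."""
    got, total = {}, None
    for f in frames:
        seq, n, plen = HDR.unpack_from(f)
        payload = f[HDR.size:HDR.size + plen]
        digest = f[HDR.size + plen:]
        if hashlib.sha256(payload).digest() != digest:
            continue                      # corrupted frame: discard, cannot request again
        total = n
        got.setdefault(seq, payload)      # repeated copies are harmless
    missing = [] if total is None else [s for s in range(total) if s not in got]
    data = b"".join(got[s] for s in sorted(got))
    return data, missing

def transfer(data: bytes, loss=0.2, seed=1):
    """End to end: returns (reassembled bytes, sequence numbers that never arrived)."""
    return reassemble(one_way_channel(frame_stream(data), loss, seed))

if __name__ == "__main__":
    msg = b"constructed sample: OS update manifest v1\n" * 4
    out, gaps = transfer(msg)
    print("complete" if out == msg and not gaps else f"missing frames {gaps}")
```

A missing-frame report on the high side is exactly the condition an out-of-band acknowledgement scheme has to carry back to the original sender, since the diode itself offers no return path.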
The most common form of a unidirectional network is a simple, modified, fibre-optic cable, with send and receive transceivers removed for one direction. Commercial products rely on this basic design, but add other software functionality. Some commercial offerings use proprietary protocols that allow for data transfer from protocols that usually require bidirectional links.
Common Applications
There are two general models for using unidirectional network connections. In the classical model, the purpose of the data diode is to prevent export of classified data from a secure machine while allowing import of data from an insecure machine. In the alternative model, the diode is used to allow export of data from a protected machine while preventing attacks on that machine.
The majority of unidirectional network applications are in defence and among defence contractors. These organisations have traditionally applied air gaps to keep classified data physically separate from any Internet connection. With the introduction of unidirectional networks in some of these environments, a degree of connectivity can safely exist between a network holding classified data and a network with an Internet connection.
The second broad application involves systems that must be secured against attack from public networks while publishing information to such networks. For example, an election management system used with electronic voting must make election results available to the public while at the same time it must be immune to attack. The conventional solution to this is to use an air gap between the public network and the election management system.
Other common deployments of Data Diode technology include:
- Secure printing from a less secure network to a high secure network (reducing print costs)
- Transferring application and operating system updates from a less secure network to a high secure network
- Monitoring multiple networks in a Secure Operations Centre
- Time synchronisation in high secure networks
- File transfer
- Providing a "you have mail" alert in a high secure network, on a less secure network
The concept of a data diode, a hardware device that only lets data out of the perimeter and prevents any data from coming in, isn't new, but it has recently been adopted in the critical infrastructure sector, and in doing so it can limit the visibility needed to protect against targeted attacks.
A key benefit of Data Diodes over firewalls is that they remove the negligent user and developer factor. Because data diodes are implemented at the hardware level, users can't reconfigure one, and because of their simplicity it is unlikely that a data diode has a latent design flaw, or at least one that would let data flow back into the protected perimeter.
In conjunction with our development partner Canary, we have available a number of Data Diodes, both for Single-Point Single Locations, and Multi-Point Dual Locations.
If you want to know more about our Data Diodes, please visit www.lanode.com or call us on +44 (0) 1276 677220 in normal business hours.