Handling confidential information poses a challenge for organizations. Draconian measures are often taken to ensure that secrets remain secret. Some organizations use air gaps and high levels of physical security, which offer great protection but hamper productivity. Other organizations give up too much of their security requirements in exchange for a smoother workflow. Rules and regulations for handling confidential information require a level of security that is often considered impractical. Fox-IT introduces the Fox DataDiode, a cross-domain solution that reconciles the seemingly contradictory requirements of high assurance and free information flow. Organizations around the globe trust the Fox DataDiode for their unidirectional requirements, as illustrated by numerous certifications such as NATO SECRET and Common Criteria EAL7+.
Fox DataDiode in a nutshell
Confidential information is usually stored on disconnected, isolated networks to prevent data leakage. Often this is mandated by rules and regulations. Adding information to such a network typically involves offline transportation of data on removable media such as optical discs. This is not real-time, not 24×7, and cumbersome enough that users come to dislike it. Moreover, it is error-prone and insecure.
The Fox DataDiode automates and accelerates the process of adding information to confidential networks without compromising security. It offers guaranteed one-way network connectivity, so that information can be transferred securely and smoothly, in real-time and 24×7. In terms of security certification, the Fox DataDiode is the highest certified product in the world.
Applications that rely on two-way communication are supported as well, through built-in support in the Fox DataDiode. This gives your confidential environment immediate access to the most recent public intelligence.
The Fox DataDiode protocol support includes but is not limited to:
- File Transfer Protocol (FTP)
- Windows file sharing (CIFS)
- Syslog, SNMP (UDP)
- Email (SMTP)
- Network Time Protocol (NTP)
On top of these protocols the Fox DataDiode supports a range of applications, including but not limited to:
- Antivirus update mirroring (McAfee, Symantec and others)
- Database mirroring (Oracle, MySQL, MS SQL Server and others)
- Windows update mirroring (WSUS)
- Network printing
- Remote monitoring (Nagios)
- Lawful Interception (ETSI)
Why it works
Strict one-way communication forfeits the benefits of full-duplex communication, most importantly flow control, error detection and error correction. Fox-IT developed a dedicated one-way protocol that restores these benefits. A typical Fox DataDiode setup consists of a receiving proxy on the source side, the hardware DataDiode, and a sending proxy on the destination side. The receiving proxy accepts data over a standard protocol and forwards it through the hardware DataDiode to the sending proxy using the one-way protocol. Transmission happens at a steady, predetermined rate, which removes the need for flow control. Error-correcting codes and data integrity checksums are added to every transfer. The sending proxy checks each transfer, repairs it where the error-correcting codes allow, and passes only successfully verified transfers onward using their respective original protocols.
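The paragraph above describes the mechanisms (sequenced chunks, integrity checksums, forward error correction, a final verification step) without showing how they fit together on a link that can never send a NAK. The following is an added illustrative example written for this page; it is not Fox-IT's protocol, whose details are proprietary, and it makes simplifying assumptions: a CRC-32 per packet as the integrity checksum, a single XOR parity packet per group of four data packets as the error-correcting code (so one lost or corrupted data packet per group can be rebuilt), a SHA-256 manifest for the whole transfer, and a simulated lossy link in place of the fiber. Rate pacing is omitted. All sample input is constructed.

```python
import hashlib
import struct
import zlib

CHUNK = 32          # payload bytes per data packet (small for illustration)
GROUP = 4           # data packets per parity group (assumption: 1 parity per 4)
HDR = struct.Struct("!IBI")         # seq | kind (0 data, 1 parity, 2 manifest) | crc32
MANIFEST = struct.Struct("!II32s")  # data packet count | total length | sha256


def _packet(seq, kind, payload):
    return HDR.pack(seq, kind, zlib.crc32(payload)) + payload


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encode(data):
    """Source-side proxy: chunk, checksum, add one XOR parity packet per group,
    then a manifest packet so the far side can verify the whole transfer."""
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)] or [b""]
    packets, seq = [], 0
    for g in range(0, len(chunks), GROUP):
        parity = bytes(CHUNK)
        for c in chunks[g:g + GROUP]:
            payload = c.ljust(CHUNK, b"\x00")
            packets.append(_packet(seq, 0, payload))
            parity = _xor(parity, payload)
            seq += 1
        packets.append(_packet(seq, 1, parity))
        seq += 1
    manifest = MANIFEST.pack(len(chunks), len(data), hashlib.sha256(data).digest())
    packets.append(_packet(seq, 2, manifest))
    return packets


def decode(packets):
    """Destination-side proxy: discard packets whose CRC fails (treated as lost),
    rebuild at most one lost data packet per group from parity, verify the
    manifest hash. Raises ValueError when the transfer cannot be trusted."""
    data, parity, manifest = {}, {}, None
    for pkt in packets:
        seq, kind, crc = HDR.unpack_from(pkt)
        payload = pkt[HDR.size:]
        if zlib.crc32(payload) != crc:
            continue                      # corrupted in transit; no way to ask for a resend
        if kind == 0:
            data[seq] = payload
        elif kind == 1:
            parity[seq] = payload
        else:
            manifest = payload
    if manifest is None:
        raise ValueError("manifest packet lost; transfer cannot be verified")
    n_data, total, digest = MANIFEST.unpack(manifest)
    out = []
    for g in range((n_data + GROUP - 1) // GROUP):
        base = g * (GROUP + 1)                    # each group occupies GROUP+1 seqs
        k = min(GROUP, n_data - g * GROUP)        # last group may be short
        seqs = range(base, base + k)
        missing = [s for s in seqs if s not in data]
        if len(missing) == 1 and base + k in parity:
            rebuilt = parity[base + k]
            for s in seqs:
                if s != missing[0]:
                    rebuilt = _xor(rebuilt, data[s])
            data[missing[0]] = rebuilt            # single erasure repaired from parity
        elif missing:
            raise ValueError(f"unrecoverable loss in group {g}: seqs {missing}")
        out.extend(data[s] for s in seqs)
    result = b"".join(out)[:total]
    if hashlib.sha256(result).digest() != digest:
        raise ValueError("integrity check failed")
    return result


def transfer(data, drop=(), corrupt=()):
    """Push data over a constructed lossy one-way link: packets whose seq is in
    `drop` vanish, packets in `corrupt` get their last payload byte flipped."""
    sent = []
    for pkt in encode(data):
        seq = HDR.unpack_from(pkt)[0]
        if seq in drop:
            continue
        if seq in corrupt:
            pkt = pkt[:-1] + bytes([pkt[-1] ^ 0xFF])
        sent.append(pkt)
    return decode(sent)


def transfer_ok(data, drop=(), corrupt=()):
    """True if the destination side accepts the transfer intact, else False."""
    try:
        return transfer(data, drop, corrupt) == data
    except ValueError:
        return False


if __name__ == "__main__":
    msg = b"constructed sample payload " * 10    # 270 bytes: 9 data packets, 3 groups
    print(transfer_ok(msg), transfer_ok(msg, drop={1}), transfer_ok(msg, corrupt={6}))
    print(transfer_ok(msg, drop={0, 1}))         # two losses in one group: rejected
```

The receiver never signals back; every decision it makes (drop, rebuild, reject) is based solely on what arrived, which is exactly the constraint a one-way link imposes. Replacing the XOR parity with a real erasure code such as Reed-Solomon would let the receiver survive several losses per group at the cost of more redundancy.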
The hardware DataDiode is the key element guaranteeing that information flows in one direction only. Only one strand of a fiber optic cable pair is used; the hardware to send data the other way simply does not exist. The hardware DataDiode is certified by NATO for use up to SECRET level and under Common Criteria at EAL7+. In addition, the hardware DataDiode has been accredited by many national authorities, such as the Dutch General Intelligence and Security Service (AIVD), the German Bundesamt für Sicherheit in der Informationstechnik (BSI) and the Indian Department of Information Technology.
A wealth of information is available on the different applications and scenarios for the Fox DataDiode. The Fox DataDiode is delivered through a global network of partners experienced in handling confidential information.