GeNUGate Data Diode

The Transfer Process

Black TCP or SMTP data arrives at the first application level gateway of the diode. There it is accepted and the connection is terminated – an application level gateway does not allow a continuous flow of data. As an additional security measure, this diode component can filter the accepted e-mails for viruses and malware in order to protect the red network. A new connection to the second application level gateway is then opened.

Packet Filter Controls Traffic in the Opposite Direction

The interposed packet filter allows this data to pass, but controls traffic in the opposite direction very carefully: only protocol messages that are sent back by the second application level gateway for data transfer to the first application level gateway, and that have been reduced to the absolutely essential information, are allowed through. All other content is removed, and packets from other senders are efficiently blocked.
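The reduction described above, modelled as an added example (not GeNUA's code or configuration): it assumes the return messages are SMTP-style reply lines and that the second gateway is identified by a single address. The address, the reply-code allowlist and the function name are constructed for illustration.

```python
import re

# Assumptions, not taken from the product: SMTP-style replies on the return
# path, one fixed sender address, and this particular allowlist of codes.
GATEWAY_2 = "192.0.2.20"  # constructed address (documentation range)
ALLOWED_CODES = {b"220", b"250", b"354", b"421", b"451", b"550"}
REPLY_LINE = re.compile(rb"(\d{3})(?:[ -].*)?")


def filter_return(sender: str, payload: bytes):
    """Return the reduced message to forward, or None to drop the packet."""
    if sender != GATEWAY_2:
        return None  # packets from other senders are blocked
    lines = payload.split(b"\r\n")
    if lines[-1] != b"":
        return None  # not CRLF-terminated: not a complete reply
    lines = lines[:-1]
    if not lines:
        return None
    codes = set()
    for line in lines:
        m = REPLY_LINE.fullmatch(line)
        if m is None:
            return None  # anything that is not a reply line is dropped
        codes.add(m.group(1))
    if len(codes) != 1:
        return None  # a multi-line reply must carry one code throughout
    code = codes.pop()
    if code not in ALLOWED_CODES:
        return None
    # Forward the status code only. The free-text part of a reply is the
    # obvious place to hide data flowing from red to black, so it is removed.
    return code + b"\r\n"


if __name__ == "__main__":
    # Constructed sample traffic on the return path.
    samples = [
        ("192.0.2.20", b"250 2.0.0 queued as 4F1A9\r\n"),
        ("192.0.2.20", b"250-gw2.example\r\n250 SIZE 1000\r\n"),
        ("192.0.2.20", b"GET /status HTTP/1.1\r\n"),
        ("198.51.100.7", b"250 OK\r\n"),
    ]
    for sender, payload in samples:
        print(sender, payload, "->", filter_return(sender, payload))
```

Two replies that differ only in their text come out byte-identical, so what remains of the return channel is the choice and timing of a handful of status codes.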

New Connection to the Recipient

Finally, the second application level gateway establishes a new connection to the recipient and transfers the data to the red network. Together with the diode function of the packet filter, this twofold interruption of the data flow by the application level gateways ensures optimal security for black-red transitions. Detailed covert channel analyses testify to the high level of protection.

Setting up Important Applications with a High Level of Security

The GeNUGate data diode makes it possible to set up the data transfer from black to red for important applications with ease, and with a high level of security. Some examples are:

  • Mirroring of databases for geographic information systems (GIS)
  • File transfers
  • Linking of e-mail systems

Certified by the German Federal Office for Information Security

The data diode is based on the proven GeNUGate firewall system by GeNUA. This two-tier firewall, consisting of an application level gateway and a packet filter, has been certified by the German Federal Office for Information Security (BSI) in accordance with CC EAL 4+ and, additionally, classified as Highly Resistant, since the EAL 7 level was attained for the important self-protection security criterion. GeNUGate is the only Highly Resistant Firewall in the world. For the three-tier data diode, an additional application level gateway was added to this highly efficient security solution.

Hardware Systems for Various Requirements

Depending on the performance requirements, we provide the GeNUGate data diode on various hardware systems in which all of the important components are redundantly designed. The most powerful individual system achieves a data throughput of 600 Mbit/s, and any additional requirements are satisfied with our highly available clusters.
