The security gateway RSGate allows precise content monitoring and control of data flow. This is guaranteed by a two-stage process using a viewer and a security filter, plus two firewalls for network separation.
Content monitoring can be performed automatically or manually under user control. In the automatic procedure, a software parser verifies files whose contents have a precisely defined format. Examples include status information and position coordinates in XML documents, nautical data in NMEA 0183, or ASTERIX messages from radar devices. Files containing unformatted text or graphics must be manually displayed on the viewer and analyzed for confidentiality by an authorized user. In either case, a file is digitally signed and released for transfer to the black network only if it contains no confidential information.
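A sketch of the automatic procedure for one of the formats named above, NMEA 0183, added here as an illustration and not RSGate's or INFODAS's code. The allowlist of sentence types, the field counts, the key and the HMAC tag that stands in for the digital signature are assumptions; the sample sentences are constructed.

```python
import hashlib
import hmac
import re
from functools import reduce

# Assumed release policy: permitted sentence types and their exact field counts.
ALLOWED = {"GGA": 14, "RMC": 12}
# '$', talker (2), type (3), fields from a closed character set, '*', 2 hex digits.
SENTENCE = re.compile(r"\$([A-Z]{2})([A-Z]{3}),([A-Za-z0-9.,\-]*)\*([0-9A-F]{2})")

def checksum(body):
    """XOR of every character between '$' and '*'."""
    return reduce(lambda acc, ch: acc ^ ord(ch), body, 0)

def frame(body):
    """Build a sentence with a correct checksum (used for the sample data)."""
    return f"${body}*{checksum(body):02X}"

def check(line):
    """Return a rejection reason, or None if the sentence is well-formed."""
    if len(line) > 80:  # NMEA 0183 limit is 82 including CR LF
        return "too long"
    m = SENTENCE.fullmatch(line)
    if not m:
        return "malformed or disallowed characters"
    _talker, kind, fields, cs = m.groups()
    if int(cs, 16) != checksum(line[1:line.index("*")]):
        return "bad checksum"
    if kind not in ALLOWED:
        return "sentence type not on allowlist"
    if len(fields.split(",")) != ALLOWED[kind]:
        return "unexpected field count"
    return None

def release(data, key):
    """Fail closed: a single rejected sentence blocks the whole file."""
    if not data.endswith("\r\n"):
        return False, "missing final CR LF"
    for n, line in enumerate(data[:-2].split("\r\n"), 1):
        reason = check(line)
        if reason:
            return False, f"line {n}: {reason}"
    # Stand-in for the digital signature: a tag over the exact released bytes.
    return True, hmac.new(key, data.encode("ascii"), hashlib.sha256).hexdigest()

KEY = b"constructed-demo-key"
GOOD = frame("GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,") + "\r\n"
TAMPERED = GOOD.replace("4807.038", "4807.039")             # checksum no longer matches
WITH_TEXT = GOOD + frame("GPTXT,01,01,02,NOTE") + "\r\n"   # valid syntax, type not permitted
```

A file that fails any check is never signed, so anything outside the defined format falls back to the manual review path instead of being released.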
High-security interface: RSGate between red and black networks
The data released by RSGate can be processed further in the target network without any safeguards. Thus RSGate transfers data from red to black. In comparison, a VPN only serves as an encrypted transfer route across a black transit network. The data must be transmitted to a red system for processing and may not be processed further in black systems.
RSGate allows data transfers from black to red networks without content monitoring, but filters out viruses and other malware. Thus the sensitive red network is reliably protected against harmful code.
RSGate uses GeNUGate firewalls in a two-tier setup, i.e. an application-level gateway and a packet filter in series. The German Federal Office for Information Security (BSI) has confirmed this to be an effective solution: these independent specialists have certified the firewall to the level EAL 4+ according to the international Common Criteria (CC) standard. In addition, the GeNUGate has been determined to be Highly Resistant, as it fulfils the requirements of EAL 6 with respect to self-protection against direct attacks. No other firewall world-wide has reached this level of security. To complement this solution, our partner INFODAS has developed a check server to analyze document content and digital signatures, as well as a security filter.