Do you want to transfer data to networks classified as SECRET – so-called red networks – from black networks, which are classified at a lower level, e.g., e-mail, information from databases, video data, current patterns for anti-virus systems or software updates? genua has developed the Data Diode vs-diode for just this task – data transfer across black-red interfaces – with approval up to the SECRET classification level.
One-Way Data Transfer to Red Networks
The vs-diode only allows data transfer in one direction – from black to red. The flow of information in the opposite direction is completely blocked. This ensures that no classified data can flow from the red network to the black network at this interface. An important feature of the Data Diode vs-diode is its high performance and reliability in one-way data transfer: throughput of up to 1 Gbit/s. The strong performance is based on the intelligent technology of our data diodes, which differs significantly from that used in other solutions on the market.
Approval up to the SECRET Level
The compact design is the key feature of the vs-diode and has also convinced the German Federal Office for Information Security (BSI), which has granted approval up to the SECRET classification level. Thus, the high level of security provided by our solution has been independently verified by a government organization.
One firewall system is connected to the black network and receives the data being transferred from the sender. The received data can optionally be scanned here for viruses and malicious software to protect the red network. The data is then sent via the filter system to the second firewall, which is connected to the red network. This intermediate filter system allows communication in the one direction but blocks all data transfer in the other – with a single exception: a final status message, indicating whether all data has been properly received, is allowed to pass from the second to the first firewall system. The FTP, SMTP and TCP protocols require this minimal feedback to ensure fast and reliable data transfer.
How does this minimal feedback channel affect the security level? Other diode solutions intentionally avoid using a feedback channel – and thus also forgo the advantages in performance and reliability that it offers – in order to physically exclude any return flow of data.
With the vs-diode, we solved this challenge using modern technology: programming of the central diode function is kept to a minimum – only a few hundred lines of program code – and runs on a microkernel operating system that has also been reduced to an absolute minimum. Due to the low complexity, the diode process is easy to analyze; the entire code can be examined or even formally verified to exclude the possibility of errors in this decisive component.
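The following is an added illustration, not genua's code: a simplified Python model of a filter that passes payload from black to red and lets exactly one fixed-format status message back per transfer. The class and method names, the one-byte status encoding and the one-status-per-transfer rule are assumptions made for this sketch.

```python
from enum import Enum


class Status(Enum):
    """Assumed: the only two values ever allowed from red back to black."""
    RECEIVED_OK = b"\x00"
    RECEIVE_FAILED = b"\x01"


class DiodeViolation(Exception):
    """Raised when traffic does not match the one-way policy."""


class DiodeFilter:
    """Hypothetical model of the filter between the two firewall systems."""

    def __init__(self, deliver_to_red):
        self._deliver_to_red = deliver_to_red  # callable that accepts bytes
        self._feedback_slot_open = False

    def begin_transfer(self) -> None:
        self._feedback_slot_open = True

    def forward(self, chunk: bytes) -> None:
        """Black -> red: payload of any content and length passes."""
        if not self._feedback_slot_open:
            raise DiodeViolation("no transfer in progress")
        self._deliver_to_red(bytes(chunk))

    def feedback(self, raw: bytes) -> Status:
        """Red -> black: one fixed-format status per transfer, nothing else."""
        if not self._feedback_slot_open:
            raise DiodeViolation("no feedback slot available")
        self._feedback_slot_open = False  # fail closed: the slot is used up
        try:
            return Status(bytes(raw))
        except ValueError:
            raise DiodeViolation("reverse data is not a status code") from None


def demo():
    """Constructed scenario: one transfer, then two attempts to send data back."""
    red_inbox, blocked = [], []
    diode = DiodeFilter(red_inbox.append)
    diode.begin_transfer()
    diode.forward(b"antivirus-pattern-update")  # constructed sample payload
    status = diode.feedback(b"\x00")
    for new_transfer, raw in ((False, b"\x01"), (True, b"SECRET document")):
        if new_transfer:
            diode.begin_transfer()
        try:
            diode.feedback(raw)
        except DiodeViolation as exc:
            blocked.append(str(exc))
    return red_inbox, status, blocked
```

In this model the reverse path carries one of two values per transfer and rejects everything else, which keeps the policy small enough to review line by line.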
Due to its minimalist design, the vs-diode is easy to operate. Even in the event of a configuration error, no security vulnerabilities can be exploited – the static diode function cannot be defeated. We will be happy to assist you with the installation and support – service is provided directly from the manufacturer genua.