Do you want to transfer data to networks classified as SECRET – so-called red networks – from black networks, which are not classified or classified at a lower level, e.g., e-mail, information from databases, video data, current patterns for anti-virus systems or software updates? genua has developed the Data Diode vs-diode for just this task – data transfer across black-red interfaces – with approval up to the SECRET classification level.
One-Way Data Transfer to Red Networks
The Data Diode vs-diode only allows data transfer in one direction – from black to red. The flow of information in the opposite direction is completely blocked. This ensures that no classified or critical data can flow from the red network to the black network at this interface. An important feature of the Data Diode vs-diode is its high performance and reliability in one-way data transfer: throughput of up to 3 Gbit/s. The strong performance is based on the intelligent technology of our data diodes, which is significantly different from that used in other solutions on the market.
Approval up to the SECRET Classification Level
The compact design is the key feature of the vs-diode and has also convinced the German Federal Office for Information Security (BSI), which has granted approval up to the German SECRET, SECRET UE/EU SECRET, and NATO SECRET classification levels. Thus, the high level of security provided by our solution has been independently verified by a government organization.
One firewall system is connected to the black network and receives the data being transferred from the sender. The received data can optionally be scanned here for viruses and malicious software to protect the red network. The data is then sent via the filter system to the second firewall, which is connected to the red network. This intermediate filter system allows communication in the one direction but blocks all data transfer in the other – with a single exception: a final status message, indicating whether all data has been properly received, is allowed to pass from the second to the first firewall system. This minimal feedback ensures quick and reliable transmission, e.g., for the FTP, FTPS, SMTP, and TCP protocols.
How does this minimal feedback channel affect the security level? Other diode solutions intentionally avoid using a feedback channel – and thus also forgo the advantages in performance and reliability that it offers – in order to physically exclude any return flow of data.
With the vs-diode, we solved this challenge using modern technology: programming of the central diode function is kept to a minimum – only a few hundred lines of program code – and runs on a microkernel operating system that has also been reduced to an absolute minimum. Due to the low complexity, the diode process is easy to analyze; the entire code can be examined or even formally verified to exclude the possibility of errors in this decisive component.
With the one-way Data Diode vs-diode, you can securely configure high-speed and reliable data transfers from black to red networks. Examples include:
- connecting to e-mail systems
- mirroring databases for GIS and FüInfoSys
- streaming video and radar data
- transferring data for anti-virus and software updates
Due to its minimalist design, the vs-diode is easy to operate. Even in the event of a configuration error, no security vulnerabilities can be exploited – the static diode function cannot be defeated. We will be happy to assist you with the installation and support – service is provided directly from the manufacturer genua.