Maximum Security for Highly Confidential Communication
Kirchheim near Munich, December 16, 2021. The new 2.0 version of vs-diode from genua was again approved by the German Federal Office for Information Security (BSI) for the classification level SECRET. In addition, the data diode received BSI approval for the classification levels NATO SECRET and SECRET UE/EU SECRET. The current version also supports the FTPS protocol and offers a higher performance level of up to three Gbit/s.
BSI Seal for Protected Data Transfers to Red-Black Gateways
Whether with simple phishing mails to members of the Bundestag or sophisticated infiltrations over longer periods of time: cyber-espionage attacks against critical IT infrastructures of government institutions will continue to be part of everyday life in the future. The critical interface that the attackers set their sights on is the data transfer from networks with a low security classification, so-called "black" networks into "red" networks with classification level SECRET – such as when receiving e-mail, when transferring video and radar data or when uploading the latest patterns for anti-virus systems.
For comprehensively secured data transfers to these red-black gateways, genua developed the Data Diode vs-diode. The current version 2.0 again received BSI approval for the processing and transfer of information up to and including the classification level SECRET. In addition, vs-diode 2.0 is approved for the protection of EU information up to classification level SECRET UE/EU SECRET for national use and up to classification level NATO SECRET for the protection of NATO information. The classification level designates the level of protection required for classified information, i.e., facts, topics or findings which, in the public interest, must remain confidential. "We are pleased with the recertification and with the accompanying confirmation from the BSI that the data diode possesses outstanding security features," says Matthias Ochs, Managing Director of genua GmbH.
In addition to the approval, the new version of vs-diode is characterized by the fact its performance has increased from two to up to three Gbit/s.
Security Architecture with One-Way Principle and Strict Segmentation
vs-diode consists of two application level gateways (ALG) – one for the black network and one for the red network – as well as a one-way middle section located in-between. This only copies data from black to red. In the other direction, indication is only provided as to whether the data correctly arrived at the opposite site. This transfer notification enables fast data transfer without a redundant and slow transmission. Communication between the red and the black ALG is by means of TCP or UDP.
The middle part of vs-diode consists of two para-virtualized genuscreen firewalls and a one-way task located in-between. It uses a separation kernel of the L4 family, which divides the hardware into three compartments that are strictly separated from one another. Each of these compartments has its own CPU kernel. The working memory is also strictly separated from the other compartments by the microkernel. Located between the two firewalls is the one-way task that represents the only interface between the two firewall compartments.
vs-diode 2.0 supports the new FTPS protocol (FTP with TLS encryption) and provides continued support for FTP, SMTP, SNMP Traps, TCP, Lumberjack (Elastic Stack), Syslog and UDP.
Image caption:
- Data transfers from the black network to the red network with vs-diode 2.0 from genua © genua GmbH
