sybard - diode - itsus · sybard® diode v3 cross domain one-way data transfer file interface...


Upload: phamdat

Post on 11-Apr-2018


Data sheet

SyBard® Diode v3

Cross Domain One-Way Data Transfer

File Interface

Transparent directory based file transfer

SyBard Diode supports multiple file transfer channels with configurable source and target directories, allowing flexible and convenient one-way file transfer between networks.

Traditionally the only way to adequately protect sensitive networks was to separate them from all other networks via an air gap. This solution however lacks any secure, efficient or auditable means of transferring data into or out of the air gapped network.

The SyBard® Diode utilises 1Gb/s fibre optics and sophisticated cryptographic techniques to provide fast, high integrity data transfer between security domains, that is guaranteed to be unidirectional.

SyBard Diode may be deployed to permit low to high domain transfer of, for example, anti-virus or operating system updates. Its guaranteed unidirectional feature provides strong protection of the high domain from data leakage.

Conversely, the diode may be deployed to control the secure release of data from a high domain to a low domain, providing strong protection of the high domain from attacks entering via the low domain.

SyBard Diode exposes a convenient TCP / UDP interface, suitable for integration with third party products, and a file interface providing transparent directory-based file transfer between domains.

Performance

• 1Gb/s fibre optic device

• Multiple simultaneous file, TCP & UDP channels

Configuration

• Offers easy to use XML-based configuration

• Features custom tuning of diode throughput to maximise individual system performance

• Provides highly configurable logging for administration and audit

[Diagram: SyBard Diode between a Less Trusted Domain and a Sensitive Domain. Labels: Confidentiality; Anti-virus / OS updates.]

[Diagram: SyBard Diode between a Sensitive Domain and a Less Trusted Domain. Labels: Business critical data; Integrity; Availability.]

[Diagram: File Services for User 1, User 2 and User 3 on each side of the SyBard Diode, connected through the Data TX Service and Data RX Service.]

Key Benefits

• Removes the need for air gaps between systems

• Fast, convenient, guaranteed one-way data transfer between differing security domains

• Transfer data into a higher security network while ensuring its confidentiality

• Transfer data out of a higher security network while protecting its integrity and availability

• Integration with SyBard Sentry guards— content checking directly on the diode platform, reducing hardware requirements

• Utilises COTS hardware to provide a highly reliable, low cost of operation solution

Key Features

Security

• Provides guaranteed unidirectional data flow

• Installs only requisite operating system components

• Requires minimal operating system privileges

Data Integrity

• Implements source-to-target file integrity checking

• Implements source-to-target TCP stream and UDP datagram integrity checking

• Provides email notifications of failed transfers

One-way data transfer into the secure network

One-way data transfer out of the secure network

A diode file service may be deployed on each user’s desktop, providing entirely transparent file transfer for multiple users concurrently through a physical diode. Additionally, a single file service may support multiple file transfer channels.

Cody Technology Park, Ively Road, Farnborough, Hampshire, GU14 0LX, United Kingdom

3/01594


other countries.

File Diode service, feeding into a single diode.

Data Interfaces

TCP / UDP

with third party products and data sources, including SyBard Sentry guards.

The ‘core’ data transfer services expose a TCP interface

The ‘UDP Proxy’ and ‘UDP Relay’ services augment the ‘core’ data transfer services. They expose a UDP interface, and may be installed on the diode appliance directly, or on separate physical machines.

Deployment

be deployed concurrently on the local diode appliance, or on

architecture.

Traceability & Audit

administrators of system errors by email.

Appliance

• Fully pen-tested appliance (report available)

• 5 years on site, next day hardware support

Consultancy

About Us

security architects, CESG approved CLAS consultants and CHECK/

Windows 2003 / 2008 Server 32 bit

CentOS Linux 6 64 bit (SELinux enabled)

Data Interfaces

File Interface

[Diagrams of the data interfaces. Component labels: Data TX Service, Data RX Service, TCP Source, TCP Receiver, UDP Source, UDP Receiver, UDP Proxy, UDP Relay, File Service, SyBard Diode.]

services

Support

9am-5pm Monday-Friday email and phone support.

Regular product updates including major, minor and patch releases to keep current with feature developments, systems and the changing cyber-threat landscape.