What do Owl products do?
Owl Computing products enable the secure, hardware-enforced, one-way-only transfer of data between network domains of varying security levels and policies. Owl solutions ensure the isolation of both networks, while facilitating the delivery of mission-critical, and time-critical, information.
How do Owl products work?
Owl products are combinations of custom-designed hardware and drivers, and internally developed software applications. Communication cards are mounted in Send-only (Blue) and Receive-only (Red) server platforms, connected via fiber-optic or copper cabling. Owl software, specific to the kind(s) of data to be transferred, is installed in both platforms. The Blue Owl application converts the data to Owl proprietary format, segments it into ATM cells, and sends it to the Red machine. The Red Owl application restores the information to its original format, for distribution to selected destinations.
What is a data diode?
A data diode is an inter-network connection that permits information to travel in one direction only. It is most commonly deployed between two or more networks of different security classifications.
What is Owl DualDiode® technology?
The Owl DualDiode data diode design is a multi-layered approach for the transparent and secure transfer of user applications (files, TCP/IP traffic, streaming video, syslog messages, etc.), across a wide range of computer operating systems. DualDiode solutions enable hardware-enforced, trust-nothing, one-way information transfer securely between discrete network domains, to ensure communications capability and absolute assurance against data leakage -- at link speeds of 50Mbps, 104Mbps, 155Mbps, and 2.5 Gigabits per second.
Are Owl products certified and accreditable?
- Certified -- Owl Communication cards are NIAP Common Criteria-certified:
  - Owl 2500, and Owl 155 versions 3 & 4 - EAL-4
  - Owl 155 versions 1 & 2 - EAL-2
  - Owl 052 - under consideration for EAL certification
- Accreditable -- all Owl products may be included in cross-domain solutions that require accreditation in operational deployment. As of January 2010, Owl products function in over 1000 accredited applications throughout the DoD and US Intelligence community.
I have been directed to review the UCDMO Baseline Configurations against my requirements. How do Owl solutions fit into the currently listed Baseline solutions?
Owl Computing has had products as a component within UCDMO baseline solutions in the past, and currently has updated full solutions targeted for the UCDMO baseline. This is in addition to many existing niche and individually accredited solutions for individual Agency, DOD or program use.
“ ‘The baseline serves as check-here-first place, because items on the baseline can save the agency time and money. Rather than re-inventing the wheel, if an agency starts with something from the baseline, it could possibly cut start-to-operate time from years to months,’ said Jill Savin, UCDMO communications and outreach officer.
‘Some agencies are putting policies in place to instruct their information assurance and IT shops only to consider baseline solutions when looking at new cross domain needs, since these solutions are known entities. But this is an agency decision, not something mandated by the UCDMO,’ Savin said.”
Military Information Technology, volume 14, issue 1, February 2010, p. 6.
“The UCDMO Baseline List is not a 'sales' list, it is a re-use list. It is not necessary for a technology/product to be on the UCDMO Baseline before it can be bought or installed somewhere. In fact, sometimes mission requirements may necessitate a solution that is not on the Baseline. However, it is up to each Agency to decide what their policy on new technologies will be. Some Agencies are restricting their networks to only use items already on the UCDMO Baseline. This is an Agency decision, not the UCDMO's.”
CAPT Kevin Peterson, Executive Assistant, Space and Naval Warfare Systems Command
What does an Owl system do?
Owl systems pass data from one computer to another, and/or from one network to another, in one direction only. Data flows forward without impediment at high throughput rates. Data does not flow at all in the reverse direction.
Can the Owl system improve the security of my network?
Yes. Owl systems are designed to prevent leakage of sensitive information from secure isolated networks. Data flows into the secure network, but cannot flow out through the same channel. Without the capability of bilateral communications, the secure network is rendered impervious to probing cyberattacks.
Is the Owl system a firewall?
No. An Owl system functions like a routing gateway, but with an important difference: data flows in one direction only, and routes are preconfigured. Because security is enforced in hardware, there is no possibility of security breach through software attack. Owl drivers have been developed internally and are not dependent on the IP communication stacks of host platforms on which they reside. Owl systems cannot be "hacked."
If Owl products send data one-way only, then how do I know my data arrived successfully?
The Owl suite of secure one-way data transfer systems does not provide any backchannel for data verification. Instead, Owl systems perform multiple levels of error-checking on both the Send and Receive machines as data is being sent. Owl systems have proven highly reliable, and are widely used by the most demanding IT customers in the intelligence community.
What types of error-checking are used in Owl systems?
Data is verified at multiple levels. Error-checking is performed in hardware in accordance with ATM AAL5 protocol. At a higher level, advanced hash algorithms are used to validate integrity of IP packets assembled from ATM cells. Packet sequences are also verified. Finally, the packets are merged into higher level data structures that are also verified using advanced hash algorithms.
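The layered checks described above can be sketched as follows. This is an added example, not Owl code and not the Owl proprietary format: the frame layout, the use of SHA-256 and the names `send_frames` and `receive` are assumptions, and the AAL5 hardware check is not modelled. It shows per-packet hashes, sequence verification and a whole-object hash all being evaluated on the receive side, where a failure can only be reported locally because nothing can be requested again.

```python
import hashlib, struct

HDR = struct.Struct(">I32s")  # constructed framing: sequence number + SHA-256 digest

def send_frames(data, size=8):
    """Send side: segment, tag each packet, end with a whole-object trailer."""
    chunks = [data[i:i + size] for i in range(0, len(data), size)]
    frames = [HDR.pack(n, hashlib.sha256(c).digest()) + c for n, c in enumerate(chunks)]
    # Trailer has no payload: its number field is the packet count, its digest
    # covers the reassembled object.
    frames.append(HDR.pack(len(chunks), hashlib.sha256(data).digest()))
    return frames

def receive(frames):
    """Receive side: every check is local, since nothing can be asked for again."""
    parts, errors, trailer = {}, [], None
    for raw in frames:
        if len(raw) < HDR.size:
            errors.append("short frame")
            continue
        seq, digest = HDR.unpack_from(raw)
        payload = raw[HDR.size:]
        if not payload:
            trailer = (seq, digest)
        elif hashlib.sha256(payload).digest() != digest:
            errors.append(f"packet {seq}: hash mismatch")
        else:
            parts[seq] = payload
    if trailer is None:
        return None, errors + ["trailer missing"]
    count, whole = trailer
    missing = [n for n in range(count) if n not in parts]
    if missing:
        errors.append(f"missing packets: {missing}")
    if errors:
        return None, errors
    data = b"".join(parts[n] for n in range(count))
    if hashlib.sha256(data).digest() != whole:
        return None, ["object hash mismatch"]
    return data, []
```

An unkeyed hash of this kind detects loss and accidental corruption in transit; it does not authenticate the sender.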
How fast will data flow through an Owl system?
Owl Communication Cards are custom-designed to meet throughput capacity needs. Link speed for Owl 2500 Communication Cards is 2.488 Gigabits/sec. When configured for clear-channel, an Owl 2500 pair transfers up to 270 MegaBytes/sec of content. When configured as channelized, a 2500 pair will support up to 8 virtual connections over a single physical link, each connection delivering up to 65+ MegaBytes of content per second.
Are Owl systems reliable?
To date (since 1998) no Owl system has ever failed in the field.
Can the Owl system support multiple users?
Yes. Owl software is server-based; the combination of high throughput and seamless network integration accommodates multiple concurrent users. A single Owl product installation can support multiple users, and possibly multiple departments.
Can I move large files through the Owl system?
Yes. Multi-GigaByte and TeraByte-scale files have been reliably transferred through Owl systems. In such cases, Owl 2500 Communication Cards are preferred because of their high link speed (2.488 Gigabits per sec) and high content throughput rates (clear channel - 270+ MegaBytes/sec; 8 path-channelized - 65 MegaBytes/sec/channel), which automate transfers that had typically been sneaker-net/walk-net transactions. An estimated file size upper limit of 2 TeraBytes is imposed by limitations in host operating systems.
What type of log files do you maintain?
Owl provides log file capability on Send-only and Receive-only servers. The level of detail of information that is stored in these log files is controlled by an argument in the startup scripts. All software applications support the Owl log file-management system, and the maintenance of historical information such as data archiving, aging, etc.
Will the Owl system transfer streaming video?
Yes. Owl UPTS, with Owl 155, 2500, or 052 cards, will pass streaming video in real-time. On the Send-only server, the optional Owl MUX/DEMUX Server application supports N instances of distinct UDP streams. On the Receive-only server, the MUX Server supports unicast, multicast, and broadcast distribution modes.
How does Owl offer a TCP product in a one-way environment, if TCP typically requires handshaking?
With Owl TPTS, the TCP client establishes a "handshake" with the TCP server on the Send-only machine. TCP/IP address information is stripped from the incoming packets, and the packet payload is transferred to the Receive-only machine. The receiving machine establishes a TCP handshake with its intended recipient and completes the transfer. In Web Server language, the Owl application may be thought of as a one-way proxy. For maximum security, no IP routing information is passed across the one-way link.
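The one-way proxy pattern described above, as an added example that is not Owl TPTS code. Assumptions: a loopback UDP socket stands in for the one-way link, and the one-byte channel id, the `routes` table and the function names are hypothetical. The send side completes the client's TCP handshake locally and forwards payload bytes only; the receive side opens its own TCP session to a destination fixed in advance.

```python
import socket, threading  # loopback UDP stands in for the one-way link (assumption)

def send_side(listener, link_addr, channel):
    """Terminate the client's TCP session here; put payload bytes only on the link."""
    conn, _client_addr = listener.accept()      # handshake completes on the send side
    link = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    with conn, link:
        while chunk := conn.recv(1024):
            link.sendto(bytes([channel]) + chunk, link_addr)  # client IP/port not sent
        link.sendto(bytes([channel]), link_addr)              # empty payload = end

def receive_side(link, routes):
    """Open a new TCP session to the preconfigured destination; replay the payload."""
    out = None
    while True:
        frame = link.recv(2048)                 # this socket only ever reads
        channel, payload = frame[0], frame[1:]
        if out is None:
            out = socket.create_connection(routes[channel], timeout=5)
        if not payload:
            out.close()
            return
        out.sendall(payload)

def demo(message=b"constructed sample payload"):
    """Run client -> send side -> link -> receive side -> destination on loopback."""
    dest = socket.create_server(("127.0.0.1", 0))
    listener = socket.create_server(("127.0.0.1", 0))
    link = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    link.bind(("127.0.0.1", 0))
    for s in (dest, listener, link):
        s.settimeout(5)
    routes = {7: dest.getsockname()}            # hypothetical channel 7, fixed in advance
    workers = [threading.Thread(target=send_side, args=(listener, link.getsockname(), 7)),
               threading.Thread(target=receive_side, args=(link, routes))]
    for w in workers:
        w.start()
    with socket.create_connection(listener.getsockname(), timeout=5) as client:
        client.sendall(message)
    conn, _ = dest.accept()
    conn.settimeout(5)
    received = b""
    while chunk := conn.recv(1024):
        received += chunk
    for w in workers:
        w.join()
    for s in (conn, dest, listener, link):
        s.close()
    return received
```

The destination sees a connection originated by the receive side, and the only thing the link carries besides payload is the channel id that selects a preconfigured route.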
Do our products provide encryption?
No. Encrypt/decrypt services may be integrated into an Owl cross-domain solution, as with malware scanning and/or data filters. Our products provide a physical one-way link that allows users to safely send data and trust that absolutely no information - not even handshaking protocols - escapes from your private network via our products.
Can we run multiple Owl Applications on the same machine(s)?
Yes. To run multiple Owl applications concurrently on one machine using Owl 052 or 155 cards, separate Owl card sets for each Owl application are required. This is necessary because Owl applications are optimized at the hardware driver level for the type of data they handle. An exception is Owl SNTS which supports concurrent UDP, TCP, and files. With channelized Owl 2500 cards, multiple Owl applications may be run on one machine, with one card set.
With what hardware and software are Owl systems compatible?
Owl systems are designed for compatibility with all network devices that support standard IP network communication protocols. Owl secure one-way data transfer systems are designed to function transparently on their host networks. Owl one-way data transfer hardware may be installed in any computer platform with standard PCI-x or PCI-e bus slots operating at 3.3 volts or 5 volts. Owl hardware and software has been extensively tested with a wide range of operating systems - Windows, Solaris, and LINUX. Check under the Products sub-menu for up-to-date Version Information.
Are Owl systems easy to install?
Owl OEM product kits feature color-coded components, streamlined installation procedures, and thorough documentation. Basic Owl systems are routinely installed by client personnel in less than an hour -- sometimes as quickly as 15 minutes.
What components are included in a Turnkey purchase option?
Turnkeys include all the application-specific items, two rackmount servers with the selected Owl communication cards and application software, tested and installed. The turnkey feature enables the customer to be up and running in the minimum amount of time, particularly if technical personnel are in short supply.
How much does an Owl system cost?
Owl systems vary in price, based on Owl Communication Card selection and the Owl software required for user-specific data types. Contact us, via the Contact Form included on this website, or call Owl Sales toll-free 866.695.3387, for pricing details on your application.
Do we have to re-certify when we modify or create new software applications based on Owl systems?
No. Security in Owl systems is primarily enforced in hardware, and it is Owl hardware that is certified.
Can our products be exported?
Both your 3.3 volt universal card and your 5 volt card have an ECCN number of 5A991 with an AT1 restriction, which means that it can ship almost anywhere with the exception of Cuba, Iran (Iraq is OK with some additional restrictions), Libya, N. Korea, Sudan and Syria.
Detailed information on ECCN (Export Control Classification Number) can be Found Here.
Are you compliant with section 508 of the Rehabilitation Act?
Owl Computing Technologies, Inc.'s products are considered fully compliant with the applicable provisions of section 508 of the Rehabilitation Act. Owl products are designed to work seamlessly with accessibility enhancement features of their host platform operating systems, thus enabling Federal employees with disabilities to interact with Owl systems with the same effectiveness as Federal employees without disabilities.
Where are Owl cards manufactured?
Owl products are designed and manufactured in the USA.