
OWL DATA DIODE CORE TECHNOLOGY

Initially based on Sandia National Labs technology, Owl data diodes have been built from the ground up in their purest form, incorporating the one-way flow into the design of all components: from the transmitter and receiver, to the transfer protocol, all the way down to the electricity on the circuit boards. This physically ensures a fail-safe, deterministic one-way-only data transfer. The send side is incapable of receiving data, and the receive side is incapable of sending data.

 

In addition, because there is no shared circuitry beyond the one-way connection, data diodes are considered by many regulatory bodies to effectively create an air gap, or a physical separation between networks. The hardware-based nature of data diodes, enforced by the fundamental laws of physics, places them at the highest possible level of security, short of physically disconnecting the network and not allowing any data to flow in or out.

The core of all Owl data diode solutions is the linked pair of two Communication Cards (one send-only and one receive-only) that together form the basis of the data diode. Along with the cards, all Owl data diodes include management software, proxies to interface to external applications, and protocol conversion, with other features available as required. Owl data diode Communication Cards vary in size and capabilities, from the world’s smallest, which are the size of a quarter and transfer data at just over 1 Mbps, to the specialized cards installed in single box solutions that support transfer up to 1 Gbps, to the PCIe cards that are fitted into standalone servers and support throughput of up to 10 Gbps.

DATA DIODE PURPOSE

Data diodes are used to defend networks from cyber-attacks and transfer information generated within the protected network in a one-way fashion to end-users outside the network. In this way, data can be sent to the cloud, a remote monitoring facility, support engineers, regulatory bodies or any other end-user that needs access, without creating a vulnerability or threat vector into the network.

 

Data diodes separate and create boundaries between trusted and untrusted networks and straddle the demarcation line between them. This separation between networks is more commonly known as network segmentation. This is a basic and vital part of any comprehensive cybersecurity strategy. It is perhaps simplest to think of data diodes as digital one-way valves for data, allowing data to flow out, without a way back in.

 

Data diodes can be used to protect very small network segments, such as an individual industrial controller, a car, or a database, or they can be used to protect a very large segment, such as an entire nuclear power plant.

WHAT IS AN OWL DATA DIODE?

An Owl data diode goes way beyond a disabled cable; it is a hardware-based electronic device designed with two separate circuits – one send-only, and one receive-only – which physically constrain the transfer of data to one direction only and form an “air gap” between the source and destination networks. As described below, Owl provides a multi-layered, patented approach to the design of our data diodes.

WHAT IS A SIMPLE DATA DIODE?

The simplest example is an RS-232 cable. These cables can be used to connect computing platforms and contain only three pins: transmit, receive, and ground. If the receive pin were removed, data could only physically be transmitted and NOT received. This allows data to be sent with no path for anything (or anyone) to gain access through the cable into the computer or network. While this is secure, the first problem is that the protocols used over the connection expect responses which are no longer being provided. So not only is the cable “broken”, but the protocols are now broken too, and either won’t operate at all or will fall into some kind of recovery mode where they try to compensate for disrupted communications (multiple retries, etc.).

While simple, this type of solution does not embody the characteristics necessary for a commercially viable solution, including low latency, high reliability, high throughput, and the ability to interface with software applications. A commercially viable data diode uses a hardware design to prevent attacks but also provides the interoperability and reliability of a true network security device.

WHAT IS A DATA DIODE?

A data diode is a piece of hardware that physically enforces a one-way flow of data. Most people think of data communications as requiring a two-way path, but most data can be transferred and shared over a one-way path. As one-way data transfer systems, data diodes are used as cybersecurity tools to isolate and protect networks from external cyber threats and prevent penetration from any external sources. A data diode sits at the edge of the network security perimeter, relying on its physical hardware components to mitigate all cyber threats against the network while simultaneously allowing the transfer of data out of the network in a highly controlled, deterministic manner.


OWL PRODUCTS & FORM FACTORS

Owl data diode products are deployed either as an all-in-one, single box solution (OPDS/OCDS product lines) with the pair of Communication Cards included in the single device, or with two separate Owl-designed PCIe Communication Cards (send & receive), each installed on their own server and connected solely through a single fiber optic cable.

Owl offers several different single box solutions, including a 1U 19” rack-mount solution, a compact, vertically-mounted DIN rail form factor, and a number of miniaturized form factors for different missions or programs. For these solutions, specialized data diode hardware, send/receive cards, software, and proxy servers are all fitted within a single box enclosure.

ONE-WAY IN A TWO-WAY WORLD

The cybersecurity value proposition of deterministic, one-way communication is clear, but for some, how a one-way data diode works in a world dominated by two-way protocols can cause confusion. In order to address the expected “handshakes” or acknowledgments of two-way protocols in a one-way system, data diodes employ a proxy on both the send and receive sides. Rather than the source communicating directly with the destination, the source communicates with the send side proxy on the data diode. That two-way conversation is then converted to a one-way data transfer across to the receive side of the diode. Then the receive side proxy initiates a new two-way communication with the destination and completes the data transfer to the destination endpoint.
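The proxy arrangement described above, modelled as an added example (this is not Owl's code or protocol). The class names, the frame layout, and the use of sequence numbers plus a CRC32 so the receive side can notice loss without requesting a resend are all assumptions made for illustration.

```python
import struct
import zlib
from collections import deque

class OneWayLink:
    """Stand-in for the diode hardware: one write-only end, one read-only end."""
    def __init__(self):
        self._wire = deque()
    def send_end(self):
        return self._wire.append
    def recv_end(self):
        return lambda: self._wire.popleft() if self._wire else None

class SendProxy:
    """Terminates the source's two-way session and forwards payloads one way."""
    def __init__(self, push):
        self._push, self._seq = push, 0
    def handle(self, payload: bytes) -> str:
        # Assumed frame: seq (4 bytes) | length (4 bytes) | payload | CRC32
        body = struct.pack(">II", self._seq, len(payload)) + payload
        self._push(body + struct.pack(">I", zlib.crc32(body)))
        self._seq += 1
        return "ACK"  # issued locally; nothing ever comes back across the link

class ReceiveProxy:
    """Validates frames, then opens its own session to the destination."""
    def __init__(self, pull, deliver):
        self._pull, self._deliver, self._expected = pull, deliver, 0
        self.gaps, self.corrupt = [], 0
    def pump(self) -> int:
        delivered = 0
        while (frame := self._pull()) is not None:
            body = frame[:-4]
            if len(frame) < 12 or zlib.crc32(body) != struct.unpack(">I", frame[-4:])[0]:
                self.corrupt += 1  # cannot ask for a resend, so count and alert
                continue
            seq, length = struct.unpack(">II", body[:8])
            if seq != self._expected:
                self.gaps.append((self._expected, seq))  # frames lost in transit
            self._expected = seq + 1
            self._deliver(body[8:8 + length])
            delivered += 1
        return delivered

def run_demo():
    link, inbox = OneWayLink(), []
    tx = SendProxy(link.send_end())
    rx = ReceiveProxy(link.recv_end(), inbox.append)
    acks = [tx.handle(m) for m in (b"reading-1", b"reading-2", b"reading-3")]
    del link._wire[1]  # constructed fault: drop the second frame on the wire
    return acks, rx.pump(), inbox, rx.gaps
```

The source receives an acknowledgment for every message even though one never reaches the destination, which is why the receive side has to detect and report gaps on its own.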

 

Third Party Tested

To meet the stringent requirements of government agencies, the Department of Defense and the Intelligence community, Owl products have been tested and accredited by independent third parties. We have EAL Common Criteria ratings that prove our technology provides a deterministic one-way transfer of information.

 

Comparison to Firewalls & Other Technologies

The primary difference between hardware-based data diodes and firewalls or unidirectional gateways is that with a data diode it is physically impossible to send data of any kind in the reverse direction. Therefore data diodes are inherently immune to the misconfiguration, back-doors and vulnerabilities present in these other technologies.

 

Where Did Data Diodes Come From?

Since the early 1990s, data diodes have met the elite cybersecurity needs of the most demanding users, including the US DoD and intelligence agencies. From initial deployments in national labs, branches of defense and intelligence agencies, the use of data diodes has spread to other government agencies and then into highly regulated critical infrastructure operations like nuclear power plants. Today, data diodes are in widespread use globally across many industries (power generation, telecom, transportation, financial services, data centers, mining, water/wastewater, etc.). As cyber attacks continue to increase and prove that “standard” cybersecurity technologies (firewalls, RBAC, etc.) aren’t enough anymore, organizations are turning to data diodes to provide the only cybersecurity that absolutely cannot be hacked.