Learn About Data Diodes

A data diode, or one-way data transfer device, provides a proven, highly secure means to transfer data out of sensitive, isolated, or air-gapped systems without providing a return pathway. Data diodes are most commonly used to gather valuable information from these types of systems, including for secure remote monitoring.


What is a Data Diode?

Data diodes contain two nodes or circuits—one send-only and one receive-only—that only allow the flow of data in one direction. Because this data flow is enforced by hardware, the device is physically unable to send information in the other direction.

It is perhaps simplest to think of data diodes as one-way valves for data, allowing data to flow out, without a way back in.

One-Way in a Two-Way World

It is relatively easy to create a simple one-way data transfer system (it could be accomplished by simply clipping the return wire on a pair of serial communication cables). However, it’s far more difficult to engineer a high-performance, reliable, and secure one-way data transfer system.
Some protocols, such as UDP, can operate one-way without handshakes or acknowledgements, but most application protocols built on TCP require a return channel for connection setup and acknowledgements. To address the requirements of two-way protocols in a one-way system, Owl data diodes employ a proxy computer on both the send and receive sides.

The source system or device communicates with the send side proxy of the data diode. The proxy then converts that two-way protocol into a one-way protocol for transfer across the data diode to the receive side. Then the receive side proxy repackages the data into the original protocol and initiates a new two-way communication with the destination system to complete the data transfer.
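The following is an added example, not Owl's code and not a description of Owl's actual frame format: it models the protocol break described above as a pair of proxy functions. The send-side proxy has already terminated the two-way session with the source and turns the byte stream into self-describing one-way frames; the receive-side proxy validates and reassembles them and then hands a complete stream to the destination. The frame layout (`MAGIC`, header fields, `END` flag), the function names, the simulated `one_way_link`, and the sample historian records are all assumptions made for this illustration. Because the receiver has no way to ask for a resend, the example also shows the only thing it can do with a lost or damaged frame: detect it and report it.

```python
from __future__ import annotations

import hashlib
import struct
import zlib

# Hypothetical frame format invented for this illustration (not an Owl format):
#   magic(4) | stream_id(4) | seq(4) | flags(1) | payload_len(2) | payload | crc32(4)
MAGIC = b"OWL1"
HDR = struct.Struct("!4sIIBH")
CRC = struct.Struct("!I")
END = 0x01   # flag: last frame of the stream; payload is the SHA-256 of the whole stream


def send_side_proxy(stream_id: int, data: bytes, chunk: int = 1024) -> list[bytes]:
    """Send-side proxy.  The two-way session with the source (e.g. a TCP
    connection) has already been terminated here; what crosses the diode is a
    list of self-describing one-way frames.  Each frame carries a sequence
    number and a CRC-32 because the receiver has no return path on which to
    ask for a resend, so it must detect loss and damage on its own."""
    frames = []
    seq = 0
    for off in range(0, len(data), chunk):
        payload = data[off:off + chunk]
        hdr = HDR.pack(MAGIC, stream_id, seq, 0, len(payload))
        frames.append(hdr + payload + CRC.pack(zlib.crc32(hdr + payload)))
        seq += 1
    # Final frame tells the receiver how many data frames to expect and lets it
    # prove end-to-end integrity of the reassembled stream.
    digest = hashlib.sha256(data).digest()
    hdr = HDR.pack(MAGIC, stream_id, seq, END, len(digest))
    frames.append(hdr + digest + CRC.pack(zlib.crc32(hdr + digest)))
    return frames


def one_way_link(frames: list[bytes], drop=(), corrupt=()) -> list[bytes]:
    """Models the unidirectional transport.  Frames at the given positions in
    the sent list are lost or damaged in transit; nothing travels back."""
    out = []
    for i, f in enumerate(frames):
        if i in drop:
            continue
        if i in corrupt:
            f = f[:-1] + bytes([f[-1] ^ 0xFF])   # flip a CRC byte
        out.append(f)
    return out


def receive_side_proxy(frames: list[bytes]) -> dict:
    """Receive-side proxy.  Validates every frame, reassembles the stream in
    sequence order and reports gaps.  It cannot request anything again, so a
    missing or corrupt frame is recorded as loss, not recovered; the stream is
    marked complete only when it is gap-free and its SHA-256 matches."""
    chunks: dict[int, bytes] = {}
    corrupt = []          # positions (in the received list) that failed validation
    stream_id = digest = None
    total = None          # number of data frames, learned from the END frame
    for i, raw in enumerate(frames):
        hdr, body, tail = raw[:HDR.size], raw[HDR.size:-CRC.size], raw[-CRC.size:]
        ok = len(raw) >= HDR.size + CRC.size
        if ok:
            magic, sid, seq, flags, length = HDR.unpack(hdr)
            ok = (magic == MAGIC and len(body) == length
                  and CRC.unpack(tail)[0] == zlib.crc32(hdr + body))
        if not ok:
            corrupt.append(i)
            continue
        stream_id = sid
        if flags & END:
            total, digest = seq, body
        else:
            chunks[seq] = body
    if total is None:                       # END frame itself was lost: best effort
        total = max(chunks) + 1 if chunks else 0
    missing = sorted(set(range(total)) - set(chunks))
    data = b"".join(chunks[s] for s in sorted(chunks))
    complete = (not missing and digest is not None
                and hashlib.sha256(data).digest() == digest)
    return {"stream_id": stream_id, "data": data, "missing": missing,
            "corrupt": corrupt, "complete": complete}


# Constructed sample input: a few hundred historian records leaving an OT network.
SAMPLE = b"2024-01-01T00:00:00Z tag=FT-101 value=42.0\n" * 200

if __name__ == "__main__":
    sent = send_side_proxy(7, SAMPLE, chunk=512)
    clean = receive_side_proxy(one_way_link(sent))
    lossy = receive_side_proxy(one_way_link(sent, drop={1}, corrupt={3}))
    print(len(sent), clean["complete"], lossy["missing"], lossy["corrupt"])
```

The design point is in `receive_side_proxy`: every check it performs (magic, length, CRC, sequence gap, stream digest) exists because the receive side can only accept or reject what arrives. A real deployment adds forward error correction or repeated sends to keep the gap list empty; the proxy still never sends anything toward the source.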

What are data diodes used for?

Data diodes are used to segment and defend networks and securely transfer information in one direction. They allow data to be sent from an isolated or secure network/segment to external systems and users, including IT networks, remote monitoring facilities, regulatory bodies, or the cloud. Data diodes can be used to protect network segments of all sizes, from a single controller to an entire facility.

Use Cases Include:

  • OT-to-IT Data Transfer
  • Remote Systems Monitoring
  • Security / SIEM / IDS Data
  • Systems Optimization & Digital Twins
  • Cloud Data Aggregation
  • Simplifying Regulatory Compliance

What’s the difference between data diodes and firewalls?

Firewalls are useful in combination with other security tools, but a firewall is software exposed on both sides of the boundary it guards: it can be probed from the outside, a flaw in its own code can be exploited, and it is completely reliant on a policy that can be misconfigured or changed.

In contrast, the one-way flow of a data diode is enforced by hardware. There is no policy to change and no inbound path for probing or malware, including techniques that attempt to bypass or “open up” the target system to attack. The send and receive proxies are still software and should be patched and hardened like any other host, but nothing that happens on the receive side can reach back across the link. Data diodes are as close in security as one can get to an air gap.

How are data diodes superior to firewalls?

Controlled Data Flow
Data diodes are hardware-enforced data transfer solutions: the direction of flow is fixed by the physical design of the device, so no software flaw, misconfiguration, or policy change can open a path back into the protected network.

vs.

Vulnerable Software
Firewalls can give people a false sense of security. A firewall is software protecting other, more vulnerable software, and like any software it can itself be attacked, misconfigured, or have its policy changed.

Protocol Filtering Diodes (PFD)

Protocol Filtering Diodes (PFD) are a subclass of data diodes in which the protocol break and packet transformation are performed in the data diode hardware itself (FPGAs), rather than in the proxy software on each side of the data diode. PFD itself is not an Owl proprietary technology, rather it is a classification of data diodes.

Data diodes which do not perform protocol filtering in hardware are now referred to as “Simple Diode Solutions” (SDS). Owl’s earlier ATM-based transfer protocol belonged to this class. Of these two classes, PFD are considered superior to SDS in security and capability by the US Government.

How are Owl Data Diodes different?

Owl has been developing and refining data diode technologies for over 25 years, consistently well ahead of any other competing solutions. As such, Owl data diodes go well beyond a simple hardware component; they are sophisticated devices designed with a multi-layered, patented approach to the hardware and software required for simultaneous unidirectional transfer of a variety of data types and applications.
Owl data diodes feature transfer rates of up to an industry-leading 100 gigabits per second, with a packet transfer latency of 2 milliseconds or less. Because there is no return path, a receiver can never ask for a packet to be resent; Owl solutions are therefore engineered so that, when operated within the specified bandwidth rate, their reliability, bandwidth headroom, and low latency deliver every packet the first time, with zero data loss.