Learn About Data Diodes

Data diodes are hardware-based devices with two nodes or circuits—one send only and one receive only—that allow the flow of data in one direction only, from a source to a destination.

It is perhaps simplest to think of data diodes as one-way valves for data, allowing data to flow out, without a way back in.

New to Data Diodes? Start Here!

Here’s an easy way for you to get up to speed quickly on data diodes. The 5 pieces of content below will help you become an expert on data diodes in no time!

What is a Data Diode?

The simplest example is a modified RS-232 cable.

RS-232 cables only contain three pins: transmit, receive, and ground. If the receive pin is removed, then data can only physically be transmitted and not received.

While this is secure, the protocols used over the connection expect responses that are no longer provided, which causes them to malfunction.

How are Owl Data Diodes different?

An Owl data diode goes way beyond a disabled cable; it is a hardware-based electronic device designed with two separate circuits–one send-only, and one receive-only–which physically constrain the transfer of data to one direction only and form an “air gap” between the source and destination networks. Owl provides a multi-layered, patented approach to the design of our data diodes.

Over the last 20 years, Owl has been developing and refining data diode technologies, consistently well ahead of any other competing solution. Owl solutions feature transfer rates of up to an industry-leading 10 gigabits per second, with a packet transfer latency of 2 milliseconds or less. In addition, the reliability, high bandwidth, and low latency of Owl solutions mean packets never require retransmission, creating highly tuned and optimized solutions with zero data loss when operating within the specified bandwidth rate.

One-Way in a Two-Way World

In order to address the expected “handshakes” or acknowledgments of two-way protocols in a one-way system, an Owl data diode employs a proxy computer on both its send and receive sides.

The source communicates with the send-side proxy of the data diode. That two-way protocol is then converted to a one-way data transfer across the data diode to the receive side. The receive-side proxy then initiates a new two-way communication with the destination and completes the data transfer.
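The proxy arrangement described above, as an added sketch (not Owl's implementation): the send-side proxy answers the source locally and frames the data, and the receive-side proxy validates each frame before delivering it to the destination. The frame layout (sequence number, length, CRC32), the class names, and the in-memory queue standing in for the diode hardware are assumptions made for illustration.

```python
import struct
import zlib
from collections import deque

# Constructed frame header: sequence number, payload length, CRC32 of payload.
HEADER = struct.Struct("!IHI")

class OneWayLink:
    """Stand-in for the diode: frames go in one end and out the other, no reverse path."""
    def __init__(self):
        self._q = deque()
    def send(self, frame: bytes) -> None:
        self._q.append(frame)
    def recv(self):
        return self._q.popleft() if self._q else None

class SendProxy:
    """Terminates the two-way protocol on the source side and emits one-way frames."""
    def __init__(self, link):
        self.link, self.seq = link, 0
    def handle(self, payload: bytes) -> str:
        frame = HEADER.pack(self.seq, len(payload), zlib.crc32(payload)) + payload
        self.link.send(frame)
        self.seq += 1
        return "ACK"  # generated locally; the destination never answers the source

class ReceiveProxy:
    """Validates frames, then opens its own session to the destination (a list here)."""
    def __init__(self, link, destination):
        self.link, self.dest = link, destination
        self.expected, self.alerts = 0, []
    def pump(self) -> None:
        while (frame := self.link.recv()) is not None:
            if len(frame) < HEADER.size:
                self.alerts.append("short frame")
                continue
            seq, length, crc = HEADER.unpack_from(frame)
            payload = frame[HEADER.size:]
            if len(payload) != length or zlib.crc32(payload) != crc:
                self.alerts.append(f"corrupt frame seq={seq}")
                continue
            if seq != self.expected:  # loss can only be reported, never repaired
                self.alerts.append(f"gap: expected {self.expected}, got {seq}")
            self.expected = seq + 1
            self.dest.append(payload)
```

Because nothing can travel back across the link, the receive side can only record a gap or a checksum failure; it cannot ask the send side for a resend.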

What are data diodes used for?

Data diodes are used to segment and defend networks, and transfer information in one direction. They allow data to be sent from a secured network/segment to external systems and users (e.g. the cloud, a remote monitoring facility, regulatory bodies), without creating a threat vector back into the secured network.

Data diodes can be used to protect network segments of all sizes, from a single controller to an entire facility.


How are data diodes superior to firewalls?

Controlled Data Flow

Data diodes are hardware-enforced data transfer solutions that use the laws of physics to provide unhackable security.

Vulnerable Software

Firewalls give people a false sense of security. Since a firewall is merely software protecting more vulnerable software, it can also be susceptible to attack.

But what if I need to send data two ways?

Some systems cannot operate one-way, so they require a two-way solution. For these use cases, Owl has a unique bidirectional data diode solution – ReCon – that operates on two parallel one-way paths. Get all the security advantages of data diodes with the flexibility of a two-way solution.

What About Cross Domain Solutions?

Owl’s proven, hardware-based data diode technology is an intricate and differentiating part of Owl cross domain solutions (CDS).

The function of a cross domain solution is to provide content filtering and transfer from one network domain or enclave to another, most often changing from one security level to another, either to a higher or lower level (unclassified-NIPRNet to Secret-SIPRNet, Secret to Top Secret-JWICS, etc.). Built with sophisticated software, including hardened trusted operating systems, CDSs are designed to enforce a non-bypassable security policy on all data transfers to and from sensitive network domains.

Owl offers a series of data diode cross domain solutions, from high-bandwidth server-based solutions to all-in-one appliances, including mobile tactical and even miniaturized solutions.