Ethernet Packet Transfer
PaciT

PaciT is a two-server, enterprise solution, using a dedicated send-only server and a dedicated destination-only server for raw Ethernet packet transfer at full line rate. The servers are connected by Owl’s proprietary data diode hardware to create a deterministic one-way only data transfer path. Owl’s hardware technology provides a complete non-routable protocol break, assurance of confidentiality, and network isolation.

Overview

Analyze Network Traffic in Real-Time

In critical infrastructure plant operations, the collection of network data usually requires secure transfer to an analysis center for review and long-term storage.

In these cases, a reliable and accredited cybersecurity solution must be utilized to ensure a secure one-way data transfer across network boundaries.

Real-Time Analysis

A nuclear power generation company needed to perform real-time analysis on all OT network traffic on an isolated forensic network. Given the regulatory requirements and associated network isolation restrictions, a secure one-way solution was required to provide compliance, as well as access to critical network traffic.

PaciT enabled secure one-way transfer of 100% of network traffic, at line rate, across the security boundary to an isolated network for analysis. Using Owl’s deterministic one-way only data transfer pathway, PaciT would meet all compliance requirements for transfer of network traffic across the security boundary.

Operating System and System Administration

The security imposed by PaciT is only as rigorous as the environment in which the solution operates, and the controls placed on those administrators given privileged access to the solution’s operation. PaciT’s architecture itself enables secure defense-in-depth, and provides the customer a component of an overall IT/OT defense-in-depth strategy.

PaciT performs its functions in a hardened Linux OS — Owl Security Enhanced Linux (OSEL). The OSEL profile applies explicit constraints and limits on what tasks the operating system can perform, and on what functions software applications (including Owl proxy applications) can deliver. Activities in violation of these constraints/limits are prohibited. Applications attempting to act outside their defined, specific functions are disabled. Network security is maintained. Access levels to PaciT administration are explicitly defined as well. Owl and the customer operator define privileged administrator profiles and their levels (or roles) of permitted functional activity. PaciT enforces user-case defined Owl Role-based Access Controls (RBAC).

Technical Specifications

OWL DATA DIODE TECHNOLOGY

Server-mounted custom-designed communication cards – one source-only, one destination-only

OWL V7 COMMUNICATION CARDS

Owl Version 7 Communication Card hardware and drivers enable one-way-only data transfer

OWL COMMUNICATION CARD SOFTWARE

Secure Transfer System source/destination drivers & source/destination install software

COMPATIBILITY

High-end COTS servers
