Ethernet Packet Transfer

Owl PaciT®

Owl PaciT® is a two-server, enterprise solution, using a dedicated send-only server and a dedicated destination-only server for raw Ethernet packet transfer at full line rate. The servers are connected by Owl’s proprietary data diode hardware to create a deterministic one-way only data transfer path.

Overview

Analyze Network Traffic in Real-Time

In critical infrastructure plant operations, the collection of network data usually requires secure transfer to an analysis center for review and long-term storage.

In these cases, a reliable and accredited cybersecurity solution must be utilized to ensure a secure one-way data transfer across network boundaries.

Owl PaciT® is a two-server, enterprise solution, using a dedicated send-only server and a dedicated destination-only server. The servers are connected by Owl’s proprietary data diode hardware to create a deterministic one-way only data transfer path.

Real-Time Analysis

A nuclear power generation company needed to perform real-time analysis on all OT network traffic on an isolated forensic network. Given the regulatory requirements and associated network isolation restrictions, a secure one-way solution was required to provide compliance, as well as access to critical network traffic.

Owl PaciT® enabled secure one-way transfer of 100% of network traffic, at line rate, across the security boundary to an isolated network for analysis. Using Owl’s deterministic one-way only data transfer pathway, Owl PaciT® would meet all compliance requirements for transfer of network traffic across the security boundary.

Operating System and System Administration

The security imposed by Owl PaciT® is only as rigorous as the environment in which the solution operates, and the controls placed on those administrators given privileged access to the solution’s operation. The architecture of Owl PaciT® enables secure defense-in-depth, and provides the customer a component of an overall IT/OT defense-in-depth strategy.

Owl PaciT® performs its functions in a hardened Linux OS — Owl Security Enhanced Linux (OSEL). The OSEL profile applies explicit constraints and limits on what tasks the operating system can perform, and on what functions software applications (including Owl proxy applications) can deliver. Activities in violation of these constraints/limits are prohibited. Applications attempting to act outside defined, specific, functions are disabled. Network security is maintained. Access levels to Owl PaciT® administration are explicitly defined, as well. Owl and the customer operator define privileged administrator profiles and their levels (or roles) of permitted functional activity. Owl PaciT® enforces user-case defined Owl Role-based Access Controls (RBAC).

Tech Specs

Technical Specifications

OWL DATA DIODE TECHNOLOGY

Server-mounted custom-designed communication cards – one source-only, one destination-only

OWL V7 COMMUNICATION CARDS

Owl Version 7 Communication Card hardware and drivers enable one-way-only data transfer

OWL COMMUNICATION CARD SOFTWARE

Secure Transfer System source/destination drivers & source/destination install software

COMPATIBILITY

High-end COTS servers

CONFIGURATIONS

Standard capacity (1 Gbps) and high capacity (10 Gbps)

Resources
Looking for Support on this Product?