
Fort Fox Hardware Data Diode

Version: FFHDD2
Build: Not applicable
CCRA: The certification is covered by the CCRA.

Product type: Data Diode
Assurance level: EAL 4 augmented with AVA_VAN.5 and ALC_DVS.2
Status: Certified
Certification date: 3 March 2010
Security Target: Fort Fox Hardware Data Diode Security Target
Certification report: SERTIT-014 CR
Evaluation facility: Brightsight
Developer: Fox-IT BV
Bartek Gedrojc
Phone: +31(0)15 284 79 99
Fax: +31(0)15 284 79 90

Product description

The data diode has two operational interfaces to establish one-way communication: the Bidirectional Input port and the Unidirectional Output port. At the Low Security Level Transceiver, light is carried into the Bidirectional Input port and converted, with the aid of a photocell, into an electrical signal. The electrical signal propagates through the data diode to the High Security Level Transceiver. The High Security Level Transceiver receives the electrical signal and converts it, using a light source, into light. Finally, the light is offered, through the Unidirectional Output port, to the High Security Level Network. The Unidirectional Output port is incapable of input and therefore cannot convert light into an electrical signal. Consequently, an electrical signal is unable to propagate to the Low Security Level Transceiver and therefore cannot create a covert channel.

Fiber optics are used to transport signals to and from the data diode's Bidirectional Input and Unidirectional Output ports. Electrical signals carry data only inside the data diode, which is completely enclosed by an aluminum casing. This approach minimizes electromagnetic emanation and the TEMPEST security threat.

Unidirectional communication does not work with a network protocol that requires a handshake (acknowledgement). To establish a communication link between the Low Security Level side and the Low Security Level Transceiver, a Bidirectional Input port is initiated. Data, information, or communication originating at the Output (High Security Level) is physically unable to flow to the Bidirectional Input port (Low Security Level) via the data diode; therefore there is no back channel that could be used as a covert channel. Any network protocol can be used to implement the communication provided no handshaking across the data diode is required; for example, the User Datagram Protocol (UDP) can provide a unidirectional flow of information.