A unidirectional network (also referred to as a unidirectional gateway or data diode) is a network appliance or device that allows data to travel in only one direction. Data diodes can be found most commonly in high-security environments, such as defense, where they serve as connections between two or more networks of differing security classifications. Given the rise of Industrial IoT and Digitization, this technology can now be found at the industrial control level for such facilities as nuclear power plants, power generation and safety-critical systems like railway networks.
After years of development, the use of data diodes have increased creating two variations:
- Data Diode: more often used to refer to the simple hardware version that physically enforces data to flow in one direction rule.
- Unidirectional Gateway: Used to describe a more sophisticated device that typically has a computer on both its Low (critical) and High (open) side. Unidirectional gateways are a combination of hardware and software. The hardware (data diode) permits data to flow from one network to another but is physically unable to send any information at all back into the source network. The software replicates databases and emulates protocol servers and devices, enabling compatibility with existing network protocols, allowing organizations to gain the benefits without changes to their existing systems.
Once only commonly found in high-security military environments, unidirectional gateways are now becoming widely spread in sectors like Oil & Gas, water/wastewater, airplanes (between flight control units and in-flight entertainment systems), manufacturing and cloud connectivity for Industrial IoT mainly to new regulations, increased demand and big industrial powerhouses. betting on the technology, lowering the cost of the core technology.
F.A.Q about Data Diode
What Is Data Diode Technology & How Does It Work?
Today's business environment is increasingly digital and more vulnerable than ever to a cyber attack. Because of this, various network security technologies have been developed to protect organizational data and infrastructures. One of the most effective of these modern technologies is the data diode. Although it is one of the most effective network security tools available, you may not have heard of this technology and know little of what it does. Below, you'll find a description of what data diode technology is and how it works.
What Is Data Diode Technology?
A data diode is a communication device that enables the safe, one-way transfer of data between segmented networks. Intelligent data diode design maintains physical and electrical separation of source and destination networks, establishing a non-routable, completely closed one-way data transfer protocol between networks. Intelligent data diodes effectively eliminate external points of entry to the sending system, preventing intruders and contagious elements from infiltrating the network. Securing all of a network’s data outflow with data diodes makes it impossible for an insecure or hostile network to pass along malware, access your system, or accidentally make harmful changes.
Data diodes allow companies to send process data in real time to information management systems for use in financial, customer service, and management decisions — without compromising the security of your network. This protects valuable information and network infrastructure from theft, destruction, tampering, and human error, mitigating the potential loss of thousands of dollars and countless hours of work.
How Does Data Diode Technology Work?
A "diode" is an electronic component that only allows current to flow in one direction. Similarly, data diode technology lets information flow safely in only one direction, from secure areas to less secure systems, without permitting reverse access. A data diode also creates a physical barrier or “air gap” between the two points. This one-way connection prevents data leakage, eliminates the threat of malware, and fully protects the process control network. Moreover, a single data diode can handle data transfers from multiple servers or devices simultaneously, without bottlenecking.
Where is it used?
Its typically used to guarantee information security or protection of critical digital systems, such as Industrial control systems, from cyber attacks. While the use of these devices is common in high-security environments such as defense, where they serve as connections between two or more networks of differing security classifications, the technology is also being used to enforce one-way communications outbound from critical digital systems to untrusted networks connected to the Internet.
The physical nature of unidirectional networks only allows data to pass from one side of a network connection to another, and not the other way around. This can be from the "low side" or untrusted network to the "high side" or trusted the network or vice versa. In the first case, data in the high side network is kept confidential and users retain access to data from the low side. Such functionality can be attractive if sensitive data is stored on a network which requires connectivity with the Internet: the high side can receive Internet data from the low side, but no data on the high side is accessible to Internet-based intrusion. In the second case, a safety-critical physical system can be made accessible for online monitoring, yet be insulated from all Internet-based attacks that might seek to cause physical damage. In both cases, the connection remains unidirectional even if both the low and the high network are compromised, as the security guarantees are physical in nature.
There are two general models for using unidirectional network connections. In the classical model, the purpose of the data diode is to prevent the export of classified data from a secure machine while allowing the import of data from an insecure machine. In the alternative model, the diode is used to allow export of data from a protected machine while preventing attacks on that machine.