*** Welcome to piglix ***

Data diode


A unidirectional network (also referred to as a unidirectional security gateway or data diode) is a network appliance or device allowing data to travel only in one direction, used in guaranteeing information security. They are most commonly found in high security environments such as defense, where they serve as connections between two or more networks of differing security classifications. This technology can now be found at the industrial control level for such facilities as nuclear power plants, and electric power generation.

The physical nature of unidirectional networks only allows data to pass from one side (referred to as the "low" side) of a network connection to another (referred to as the "high" side), and not the other way around. The benefits for the users of the high side network are that their data is kept confidential while they have access to data from the low side. Such functionality can be attractive if sensitive data is stored on a network which requires connectivity with the Internet. Traditionally the data would be vulnerable to intrusions from the Internet, however with a unidirectional network separating a high side with sensitive data, and a low side with Internet connectivity, one can achieve the best of both worlds. This holds true even if both the low and the high network are compromised, as the security guarantees are physical in nature.

The controlled interface that comprises the send and receive elements of a unidirectional network acts as a one-way " break" between both two-way network domains it connects. This does not preclude unidirectional network use in transferring protocols like TCP/IP, that require communications (including acknowledgments) between sender and receiver. By employing TCP/IP client-server proxies prior to, and after one-way transfer, data transported as TCP packet flows can gain the security value of unidirectional transfer.

The idea of unidirectional networks have been around since the 1960s. This was developed further in the 1990s by Australia's Defence Science and Technology Organisation (DSTO) in the 1990s on the data diode and the Interactive Link.

The most common form of a unidirectional network is a simple, modified, fiber-optic network link, with send and receive transceivers removed or disconnected for one direction, and any link failure protection mechanisms disabled. Commercial products rely on this basic design, but add other software functionality that provides applications with an interface which helps them pass data across the link.


...
Wikipedia

...