Support
For support on your Fox DataDiode please contact us at:
- E-mail: datadiode@fox-it.com
- Phone: +31 (0)15 284 79 99
For online support we have provided a list of Frequently Asked Questions:
General
Why would you need only one-way communication?
There are many possible scenarios in which you want to take information from one system or network and use it on another system or network. Usually a physical connection is made between the two systems or networks. In some situations, however, making a link to another network or system is not allowed. Current 'airgap' solutions consist of putting the data on a transport medium such as a CD-ROM and then copying it from that CD-ROM onto the other network. The data diode allows you to make a 100% guaranteed one-way link, so there is no need to run around with CD-ROMs or other transport media.
If I need a one-way link, why can't I make use of a firewall?
A firewall contains logic and is therefore vulnerable to an attack. A firewall is an 'intelligent' device and that intelligence might be attacked. The hardware data diode, however, contains no logic and therefore cannot be attacked. It is the only solution available that is 100% guaranteed one-way.
Who are typical users of the hardware data diode?
Especially in high security environments, it is often not allowed to make a link between high security networks and 'lower' security networks. Therefore customers of the hardware data diode are usually governmental customers or commercial customers with very high security demands.
What is the difference between the Fox DataDiode and the Fort Fox Hardware Data Diode?
The Fort Fox Hardware Data Diode is the hardware data diode itself. It contains no moving parts like a hard disk and no logic, to make it very secure. The Fox DataDiode also includes 2 high-end servers that offer support for a number of services. The Fox DataDiode is the Fort Fox Hardware Data Diode plus servers.
Why do I need servers besides the hardware data diode?
The hardware data diode only supports one-way Ethernet traffic. Most protocols, however, cannot handle one-way traffic. That is where the servers come in. The servers contain software that mimics a specific service and sends the required response, as if the service on the receiving end of the hardware data diode had sent that response.
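To illustrate why software is needed on both sides of a one-way link, the following added example (not Fox-IT's proxy software) shows a generic approach: the sender wraps data in self-describing frames and repeats them blindly, and the receiver detects loss and corruption on its own because it can never request a resend. The frame layout, function names and repeat factor are assumptions made for this sketch.

```python
import hashlib
import struct
import zlib

# Hypothetical frame header: sequence number, frame count, body length, CRC32.
HEADER = struct.Struct("!IIHI")

def make_frames(payload: bytes, chunk: int = 8, repeat: int = 2) -> list:
    """Sending side: split payload into self-describing frames."""
    bodies = [payload[i:i + chunk] for i in range(0, len(payload), chunk)]
    bodies.append(hashlib.sha256(payload).digest())  # final frame: whole-payload hash
    frames = []
    for seq, body in enumerate(bodies):
        frame = HEADER.pack(seq, len(bodies), len(body), zlib.crc32(body)) + body
        frames.extend([frame] * repeat)  # blind redundancy: no ACK can ever arrive
    return frames

def receive(frames):
    """Receiving side: return (payload or None, list of missing sequence numbers)."""
    got, total = {}, None
    for frame in frames:
        if len(frame) < HEADER.size:
            continue
        seq, count, length, crc = HEADER.unpack_from(frame)
        body = frame[HEADER.size:]
        if len(body) != length or zlib.crc32(body) != crc:
            continue  # damaged copy: drop it, a repeat may still arrive
        total = count
        got.setdefault(seq, body)
    if total is None:
        return None, []
    missing = [s for s in range(total) if s not in got]
    if missing:
        return None, missing  # cannot ask for a resend; report the gap locally
    payload = b"".join(got[s] for s in range(total - 1))
    if hashlib.sha256(payload).digest() != got[total - 1]:
        return None, []
    return payload, []

if __name__ == "__main__":
    # Constructed sample input, not taken from a real system.
    sample = b"<34>Oct 11 22:14:15 host su: constructed sample syslog line"
    frames = make_frames(sample)
    print(receive(frames))                   # complete delivery
    print(receive(frames[:2] + frames[4:]))  # both copies of frame 1 lost
```

On the receiving side, a non-empty list of missing sequence numbers is the only signal that a transfer failed, so it should be logged and alerted on there.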
Which different options are available?
The Hardware Data Diode comes with fiber connectors that support 1 GB/s transfers. The Fox DataDiode servers come with UTP or fiber connectors, RAID support and a redundant power supply. Please note that, at extra cost, it is also possible to have the default 146GB hard disks in the Fox DataDiode servers replaced by larger disks.
Furthermore, fiber-to-RS232 adapters are available, allowing you to use the Fort Fox Hardware Data Diode in your specific or proprietary environment. Please note that the RS232 connectors are not compliant with the Fox DataDiode servers and proxy software.
Is the hardware data diode EAL certified?
The Fox DataDiode has a Common Criteria EAL 7+ certification. This makes the Fort Fox Hardware Data Diode the highest evaluated product in the world.
What are the dimensions of the hardware data diode?
The Fort Fox Hardware Data Diode case is 1 rack unit (1U) high, approximately 23cm (9 inch) deep and 43cm (17 inch) wide. The case fits perfectly in a 19 inch rack. Furthermore, due to its limited depth, it is possible to position two Hardware Data Diodes back-to-back in a single 1U slot.
Software services support
Which protocols are supported by the Data Diode?
The Fort Fox Hardware Data Diode by itself only supports one-way Ethernet, since it contains no logic. The proxy software on the Fox DataDiode servers currently supports FTP, FTP/s, SMTP, CIFS, SNMP, Syslog, NTP and, by default, any other protocol based on one-way UDP.
Which protocols will be supported in future releases?
In the next releases the following services are planned to be supported: SFTP based on SSH and SCP. Expected Q4 2010.
Is streaming media supported?
The Fox DataDiode supports UDP, and TCP is also supported on a project basis.
Can the Data Diode also support our specialized services?
Fox-IT can develop specialized service connectors for the Fox DataDiode upon request. Please note that specialized services come at an extra cost.
TEMPEST
What is TEMPEST?
TEMPEST stands for 'Telecommunications Electronics Material Protected from Emanating Spurious Transmissions'. TechTarget's current definition of TEMPEST states: 'Tempest was the name of a classified (secret) U.S. government project to study (probably for the purpose of both exploiting and guarding against) the susceptibility of some computer and telecommunications devices to emit electromagnetic radiation (EMR) in a manner that can be used to reconstruct intelligible data. Tempest's name is believed to have been a code name used during development by the U.S. government in the late 1960s, but at a somewhat later stage, it became an acronym for Telecommunications Electronics Material Protected from Emanating Spurious Transmissions. Today, in military circles, the term has been officially supplanted by Emsec (for Emissions Security); however, the term Tempest is still widely used in the civilian arena.' For more information please see for example the following websites:
Is the Data Diode TEMPEST shielded?
The hardware data diode (NOT the optional FFDD software servers) is TEMPEST 'ready'. The Hardware Data Diode can be certified for SDIP 27 Level A or SDIP 27 Level B without much expected extra effort. In the past, Hardware Data Diodes have been successfully certified. Please note that TEMPEST certifications per Hardware Data Diode come at extra cost. The Fox DataDiode servers can be any TEMPEST shielded server as long as it supports FoxBSD, a custom, highly secure version of OpenBSD. In addition, our own Fox DataDiode servers can be TEMPEST shielded and certified.
Configuration and installation
Does the administrator on the 'low security level' need information on the configuration of the 'high secure level' network?
No. The administrator on the data sending side of the Fox DataDiode needs no information at all about the configuration of, or any component on, the receiving end of the Fox DataDiode.
What's the default installation time of a typical Fox DataDiode setup?
4 hours, including the time to test the setup. Fox-IT has developed a preparation list with questions. If the list is complete, setup usually takes only 4 hours! Installation is a breeze since only 30 variables need to be filled in at the configuration web front end.
Does the administrator need to have OpenBSD knowledge and experience?
No. Configuration of the Fox DataDiode servers is done via a web front end only.
Troubleshooting and support
How does the update process work?
The Fort Fox Hardware Data Diode does not need to be updated since it contains no logic and already supports transfer speeds up to 1 GB/s. The Fox DataDiode servers will have a configuration download option in the next release. With a CD-ROM containing the updated software, the update process is simple, easy and fast.
Administration
Is remote syslog supported?
The Fox DataDiode servers support remote syslog for the log entries on these servers.