Diode Software

The Fox DataDiode software is available in two versions: the government version, which runs on OpenBSD, and the business version, which runs as a Windows Service. Both versions provide the option to flexibly transfer information from one network to another over a one-way connection such as a Data Diode.

Government Version

The government version is built upon OpenBSD, a UNIX-like, security-focused operating system. With our quick and easy installation process, the Fox DataDiode proxy servers are installed within minutes. Equipped as standard with a web-based, OS-independent management interface, the solution can be configured by anyone with basic network knowledge.

File Transfer

The OpenBSD software supports various file transfer protocols such as FTP and CIFS. FTP encryption is supported by TLS/SSL, i.e. FTP/S, which makes obtaining the username/password by sniffing the network traffic infeasible. The Common Internet File System (CIFS) protocol is supported as an alternative to FTP for sending files through the Data Diode. CIFS is the protocol used by Microsoft Windows for sharing files over the network. The Data Diode CIFS support allows users on the Black network to simply drag files into a share using e.g. Windows Explorer. On the Red network, files are pushed to any Windows share provided by a server or workstation.

Backup and Restore

Backup and restore allows administrators to export the settings from the Data Diode and revert the settings to an old state by importing them again.

Throughput

For file transfers, the maximum throughput of the Data Diode is up to 100 Mbits/s. For streaming data (UDP), the throughput is not limited by the software and speeds up to 800 Mbits/s can be reached.

Multi-core processors

The software takes full advantage of modern hardware platforms since it has been built to utilize multiple processor cores.

Access Control

Access to services and the web-interface is now managed using separate access control lists. Additionally, access to different endpoints (FTP and CIFS) can be limited per user or group.

Logging

Simple Network Management Protocol (SNMP) has been built into the Data Diode software. With SNMP it is possible to request settings and usage information from the Data Diode software. SNMP also allows special traps to be generated upon an error condition within the software, e.g. when a transfer gets lost.

Windows Version

The Fox DataDiode Windows software consists of a service component and a configuration manager running on the BLACK and RED proxy. It has been built with flexibility in mind by allowing multiple data diode network interfaces to be addressed on a single server. This enables options like redundancy and multiplexing. The software has been built specifically to run on Microsoft Windows XP, Vista, Server 2003 and Server 2008.

Functions

The Fox DataDiode Windows software has a number of general and generic functions that can be used for transferring data through the hardware data diode. These functions are:

  • File and folder transfers
  • Raw socket data transfers (using UDP or TCP)
  • Heartbeat and time synchronization

Based on these functions, additional capabilities can be defined like email forwarding, database replication, etc.

File and folder transfers

File transfer is based on a dropbox-to-dropbox folder transfer. A user or system puts files/folders in a dropbox on the Black proxy server. The Fox DataDiode Windows service reads this data and pushes it through the hardware data diode. The Windows service on the Red proxy server receives the data and writes it back to files/folders in the specified dropbox folder on this server. Users or systems can now retrieve these files/folders from the dropbox folder.

Up to 255 dropbox folders can be defined on each server running the Fox DataDiode Windows software.

Raw socket data transfers

The raw socket data transfer function uses UDP or TCP sockets. On the Black proxy server, the Fox DataDiode Windows service creates a listening (server) raw socket that receives data from systems in the network and then forwards it through the hardware data diode. The Windows service on the Red proxy server receives the data and uses a client raw socket to forward this data to the specified destination on the network.

Up to 255 raw socket servers/clients can be defined on each server running the Fox DataDiode Windows software.

Heartbeat and time synchronisation

The heartbeat function is a monitor function between the Black proxy server and the Red proxy server: the Fox DataDiode Windows service on the Red proxy server expects to receive a heartbeat packet from the service on the Black proxy server every specified period. The heartbeat packet contains the current local system time of the Black proxy server, synchronised with the network, and can therefore be used by the Red proxy server to synchronise its local system time. If the Red proxy server is also used as a time source, then all other systems in the network can be synchronised as well.
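
The Red-side logic described above, sketched as an added example; it is not Fox DataDiode code. The packet layout (`HBT1` magic, sequence number, millisecond timestamp), the class and field names, and the tolerance of three missed periods are all assumptions made for illustration.

```python
import struct

# Hypothetical wire format (an assumption, not the product's):
# 4-byte magic, 32-bit sequence number, 64-bit sender UTC time in milliseconds.
HEARTBEAT = struct.Struct("!4sIQ")
MAGIC = b"HBT1"


def parse_heartbeat(payload: bytes):
    """Return (seq, black_time_s), or None if this is not a valid heartbeat."""
    if len(payload) != HEARTBEAT.size:
        return None
    magic, seq, millis = HEARTBEAT.unpack(payload)
    return (seq, millis / 1000.0) if magic == MAGIC else None


class HeartbeatMonitor:
    """Red-side link monitor: with no return path, only the receiver can see a loss."""

    def __init__(self, period_s: float, tolerance: int = 3):
        self.period_s = period_s
        self.tolerance = tolerance  # missed periods before the link counts as down
        self.last_seen = None       # Red local time of the last valid heartbeat
        self.last_seq = None
        self.lost = 0               # heartbeats skipped, counted from sequence gaps
        self.offset_s = None        # Black clock minus Red clock, in seconds

    def on_packet(self, payload: bytes, red_now: float) -> bool:
        parsed = parse_heartbeat(payload)
        if parsed is None:
            return False            # malformed datagram
        seq, black_time = parsed
        if self.last_seq is not None:
            if seq == self.last_seq:
                return False        # duplicate delivery
            if seq > self.last_seq:
                self.lost += seq - self.last_seq - 1
            # seq < last_seq: sender restarted its counter; accept and resync
        self.last_seq, self.last_seen = seq, red_now
        # A one-way link cannot measure round-trip time, so transit delay
        # stays uncorrected in this offset.
        self.offset_s = black_time - red_now
        return True

    def status(self, red_now: float) -> str:
        if self.last_seen is None:
            return "waiting"
        missed = int((red_now - self.last_seen) // self.period_s)
        return "down" if missed >= self.tolerance else "up"
```
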

Software Requirements

The Fox DataDiode Windows software requires the following software components:

  • Intel x86 (32-bit) or x64 (64-bit) architecture server.
  • Microsoft Windows XP, Vista, Server 2003, Server 2008 operating system.
  • Microsoft .NET framework version 3.5 SP1 or later.
  • WinPCAP version 4.1.1 or later.
  • PDF viewer/reader for access to the manuals.