Lanode.com

  • Increase font size
  • Default font size
  • Decrease font size
Home Products Encryption and Data Security Devices Data Security Diodes Uni-Directional Diodes - Multi-Point Dual Location

Uni-Directional Diodes - Multi-Point Dual Location

E-mail Print

Uni-Directional Data Security Diodes - Multi-Point Dual Location

Reflecting Lanode's capability in developing secure systems, we offer a range of Uni-Directional Data Security Diodes. These network devices ensure data can only travel in one direction and are commonly used to provide connections between networks of differing security classifications.

For Multi-Point Dual Locations the options available are as follows:

Uni-Directional Data Security Diodes - Multi-Point Dual Location CT-20RD

Our Uni-Directional Multi-Point Dual Location Data Security Diodes are one more defense layer against a broad range of internal/insider or external cyber threats that can escape common security applications – to reveal and corrupt sensitive data or make other mission-critical information services nonavailable. Protect secure servers and sensitive data from compromise by placing our Uni-Directional Data Security Diodes in environments where un-restricted two-way, bi-directional communications expose secure servers and their sensitive data to penetration and malicious attack.

Application 1: Data Security Diodes copy/forward information originating from a single un-secured open source to a pair of restricted, High-Security destinations using two Fibre Optic links. Some with dual input/output channels, forward information
originating from two un-secured open sources, to a pair of restricted, High-Security Host destinations using two Fibre-optic links.They simultaneously partition each data path to completely block sensitive data from being transmitted in the reverse direction.

Application 2: Canary Data Security Diodes are positioned to allow duplicated/parallel transmission of authorized Data originating from a single restricted, High-Security source, to a pair of unprotected, insecure destinations, or selectively forward over a partitioned Fibre link.

Partitioned data paths shield Secure Sources from hidden viruses, Trojans, malicious programs or other intrusion attempts, preventing the unintended corruption, release or exposure of sensitive information, or its loss and non-availability. Local Diode/Host UTP connections are nominally full duplex. However, bi-directional full duplex traffic is never transmitted between linked Data Diodes. Data handling functions including IP acknowledgements, Flow-Control and error correction are completely disabled and no internal or external means are available to restore inter-Diode bi-directional capability.

Features:

  • One-Way, Redundant Data Transmission
  • Unauthorized Transmissions Blocked
  • RJ-45 Auto-Negotiation
  • Auto-Cross for Simple Host Connections

Plug-and-Go Connections: Various options are available depending on the selected Data Diode as follows:

  • Configure your applications to run via UDP. Connect the un-secure device to CT-20RD or GT-55RD transmit-only Data Security Diodes that forward the traffic to remote, receive-only CT-20TR or GT-55TR Diodes. The receive-only Diodes copy the traffic to redundant pairs of secure Destination Hosts. (Application 1.) Reverse configuration for Application 2.
  • Configure your applications to run via UDP. Connect (2) un-secure devices to CT-20TD or GT-55TD transmit-only Data Security Diodes that forward the traffic to remote, receive-only CT-20TR or GT-55TR Diodes. The receive-only Diodes copy the traffic to a pair of secure Destination Hosts. (Application 1). Reverse the configuration for Application 2.
  • Connect a pair of un-secure Source & Proxy devices to a CT-20PD or GT-55PD transmit-only Data Security Diode that copies one side of their TCP/IP conversation to a remote CT-20R or GT-55R receive-only Diode. The receive-only Diode forwards the one-sided copy to a Secure Destination host. (Application 1) Reverse configuration for Application 2.
  • Configure your applications to run via UDP. Connect (2) un-secure devices to CF-21TD or GF-55TD transmit-only Data Security Diodes that forward the traffic to remote, receive-only CF-21TR or GF-55TR Diodes. The receive-only Diodes copy the traffic to a pair of secure Destination Hosts. (Application 1). Reverse configuration for Application 2.
  • Copy one-side of TCP/IP Traffic over Fibre by connecting a pair of un-secure Source & Proxy devices to a CF-21PD or GF-55PD transmit-only Data Security Diode that copies one side of their TCP/IP conversation to a remote CF-21R or GF-55R receive-only Diode. The receive-only Diode forwards the one-sided copy to a Secure Destination host. (Application 1) Reverse configuration for Application 2.
  • Connect a pair of un-secure Source & Proxy devices to a CF-21UPD or GF-55UPD transmit-only Data Security Diode that copies one side of their TCP/IP conversation to a remote CF-21R or GF-55R receive-only Diode. The receive-only Diode forwards the one-sided copy to a Secure Destination host. (Application 1) Reverse configuration for Application 2.
  • Configure your applications to run via UDP. Connect (2) un-secure devices to CF-21UTD or GF-55UTD transmit-only Data Security Diodes that forward the traffic to remote, receive-only CF-21UTR or GF-55UTR Diodes. The receive-only Diodes copy the traffic to a pair of secure Destination Hosts. (Application 1). Reverse configuration for Application 2.

Flexible, Secure Network/Host Configurations:

Low to High: Forward information to a Higher Security environment while blocking the un-authorized release of sensitive data in the reverse direction;

High to Low: Restrict authorized user access. Maintain System and Data Security, Integrity and Availability while allowing the limited export of selective information to lower security-level destinations.

Hardwired Immunity from External Software threats: The Canary Data Security Diodes execute their key functions in hardware. There is no vulnerable software, firmware, memory or buffers that can be exploited to attack and surreptitiously alter or disable their function. Using UDP or similar protocol over the point-to-point link eliminates the need for normal  transmission acknowledgments. Control physical access to your Canary Data Security Diodes and safely deliver critical data where needed – Easy, Secure, Information Availability!

Specifications common to all units are as follows:

Power: 100 - 240 VAC Auto-ranging, wall-mount; 9 - 48 VDC input plus Terminal Block option
Temperature: Operating: 0º C to 50º C; Storage: -20º C to 70º C
Humidity: Operating: 10% to 80% RH; Storage: 5% to 90% RH
Emissions: FCC Part 15 of Class B & CE: Pending
Safety: US 21 CFR (J) & EN 60825-1 standards and UL 1950 applications, EN 60950: Pending
Dimensions: 5.21 in. x 8.43 in. x 1.64 in. (D x W x H); [12.7 cm x 20.3 cm x 4.4 cm] (D x W x H)
Weight: 5.5 lb. (2.5 Kg) (Shipping Wt.)
Management:
No management reporting or access to internal functions; No provision for error handling/reporting
Mechanical & Environmental:
Inside, Desktop locations or 19” rack-enclosures; A pair of units can be mounted side-by-side on a standard 19” wide shelf.

NB: Full details on the 19" Rack-shelf assembly, incorporating the power supplies, is available on request.

Specific features & specifications for each unit are shown below:

(NB: Only the specification differences are shown for subsequent units after the CT-20RD below. Also for specific details on any of the various interfaces per unit, please contact Lanode directly)

CT-20RD/ CT-20TR & GT-55RD/ GT-55TR Redundant Data Diodes

CT-20RD/ CT-20TR & GT-55RD/ GT-55TR Redundant Data Diodes diagram

Standards:

  • IEEE 802.3u 100BASE-TX, 100BASE-FX
  • IEEE 802.3ab,z 1000BASE-T, 1000BASE-X
  • IEEE 802.1d Spanning Tree: None
  • IEEE 802.1q VLAN: Limited Functionality
  • IEEE 802.3x Flow Control Not Supported

Throughput: 100 Mbps (One-way transmission Max.); 1000 Mbps (One-way transmission Max.)
Maximum Distances:

  • RJ-45/UTP: 100 meters;
  • Fibre Optic: 100 Mb: 2 Km; 20, 40, 60 Km; 1000 Mb: 500 m, 10, 20, 30, 60 Km

Networking – Local User Connections:

  • 100BASE-TX & 1000BASE-T: Auto-negotiation and Autocrossover enable half/full duplex Ethernet Diode Links with local Source and separately, remote Destination equipment.
  • 100 & 1000 Mbps Fibre Inter-Diode Links do not forward full duplex bi-directional traffic. UDP Destination Address, Port Number & Checksum are enabled by application as desired.

CT-20TD/ CT-20TR & GT-55TD/ GT-55TR Dual-Channel Data Diodes

CT-20TD/ CT-20TR & GT-55TD/ GT-55TR Dual-Channel Data Diodes diagram

Standards:

  • IEEE 802.3ab,z 1000BASE-T, 1000BASE-SX/LX

Maximum Distances:

  • RJ-45/UTP: 100 meters;
  • Fibre Optic: 100 Mb: 2 Km, 20, 40, 60, 80 Km; 1000 Mb: 500 m, 10, 20, 30, 60 Km

CT-20PD/ CT-20R & GT-55PD/ GT-55R Proxy-Channel Data Diodes

CT-20PD/ CT-20R & GT-55PD/ GT-55R Proxy-Channel Data Diodes diagram

Standards:

  • IEEE 802.3ab,z 1000BASE-T, 1000BASE-X, SX, LX

Networking – Local User Connections:

  • 100BASE-TX/FX & 1000BASE-T/X: Auto-negotiation and Autocrossover enable half/full duplex Ethernet Diode Links with local Source and separately, remote Destination equipment. Only local Source & Proxy devices exchange TCP/IP traffic acknowledgements.

Maximum Distances:

  • RJ-45/UTP: 100 meters;
  • Fibre Optic: 100 Mb: 2 Km; 20, 40, 60 Km; 1000 Mb: 500 m, 10, 20, 30, 60 Km

CF-21TD/ CF-21TR & GF-55TD/ GF-55TR Dual-Channel Data Diodes

CF-21TD/ CF-21TR & GF-55TD/ GF-55TR Dual-Channel Data Diodes diagram

Standards:

  • IEEE 802.3u 100BASE-FX
  • IEEE 802.3z 1000BASE-X

Networking – Local User Connections:

  • 100BASE-FX & 1000BASE-SX/LX: Handshaking with Auto-configuration to enable full duplex Ethernet Diode Links with local Source and separately, remote Destination equipment.

Maximum Distances:

  • RJ-45/UTP: 100 meters;
  • Fibre Optic: 100 Mb: 2 Km, 20, 40, 60, 80 Km; 1000 Mb: 500 m, 10, 20, 30, 60 Km

CF-21PD/ CF-21R & GF-55PD/ GF-55R Proxy-Channel Data Diodes

CF-21PD/ CF-21R & GF-55PD/ GF-55R Proxy-Channel Data Diodes diagram

Standards:

  • IEEE 802.3z 1000BASE-X (SX, LX, ZX)

Networking – Local User Connections:

  • 100BASE-FX & 1000BASE-X: Handshaking to auto-configure local full duplex links with Source & Proxy devices and separately with remote Destination equipment. Only Local Source & Proxy devices exchange TCP/IP traffic acknowledgements.

Maximum Distances:

  • RJ-45/UTP: 100 meters;
  • Fibre Optic: 100 Mb: 2 Km, 20, 40, 60, 80+ Km; 1000 Mb: 500 m, 10, 20, 30, 60+ Km

CF-21UPD/ CF-21R & GF-55UPD/ GF-55R Proxy-Channel Data Diodes

CF-21UPD/ CF-21R & GF-55UPD/ GF-55R Proxy-Channel Data Diodes diagram

Standards:

  • IEEE 802.3u 100BASE-TX, 100BASE-FX
  • IEEE 802.3ab,z 1000BASE-T, 1000BASE-X

Networking – Local User Connections:

  • 100BASE-TX/FX & 1000BASE-T/X: Auto-negotiation and Auto-crossover enable full duplex Ethernet Links with local, Source & Proxy and separately with remote Destination equipment. Only local Source & Proxy devices exchange TCP/IP traffic acknowledgements.

Maximum Distances:

  • RJ-45/UTP: 100 meters;
  • Fibre Optic: 100 Mb: 2 Km, 20, 40, 60, 80 Km; 1000 Mb: 500 m, 10, 20, 30, 60 Km

CF-21UTD/ 21UTR & GF-55UTD/ 55UTR Dual-Channel Data Diodes

CF-21UTD/ 21UTR & GF-55UTD/ 55UTR Dual-Channel Data Diodes diagram

Networking – Local User Connections:

  • 100BASE-TX & 1000BASE-T: Auto-negotiation and Auto-crossover enable half/full duplex Ethernet Diode Links with local Source and separately, remote Destination equipment.
  • 100BASE-FX & 1000BASE-SX/LX: Handshaking to auto-configure local full duplex links with Source equipment.

(NB: As noted earlier only the specification differences are shown for subsequent units after the first unit, CT-20RD above. Also for specific details on any of the various interfaces per unit, please contact Lanode directly)