
Cross-domain

To be considered for defining data flows.

A cross-domain solution is an integrated information assurance system composed of hardware and specialized software that provides a controlled interface to enable and/or restrict the access or transfer of information between two security domains based on a predetermined security policy. These solutions are designed to enforce domain separation and typically include some form of content filtering, which is used to designate information that is authorized to be transferred between security domains.

DEFINED AND SPECIFIED FLOWS

All flows must be defined and specified, including control flows. When an interconnection is planned, it is common for some required flows to have been overlooked and left out of the design.

LIMIT FLOWS TO A MINIMUM

Each flow has a cost (analysis, design, implementation, functional and security validation and verification), consumes resources in execution (process, bandwidth, latency, etc.) and involves potential risks.

UNIDIRECTIONAL FLOWS

Unidirectional flows through the interconnection should be preferred as far as possible; they are easier to analyse and manage in a secure manner.

SENSITIVE ‘DOWNSTREAM’ FLOWS

In typical scenarios where the confidentiality of the high-security domain has to be protected, 'downstream' flows are more risky and usually require special security measures.

A family of application level, high-assurance guards which allow controlled data transfer in both directions independently (bidirectional scenarios), guaranteeing the impossibility of any type of traffic between the two networks, other than that transferred by the system itself.

Hardware data diode that allows the transfer of information only in one direction with physical guarantee of one-way transmission.

Based on the PSTdiode ATKDDL® one-way communication device developed by Autek and certified Common Criteria EAL 4+ (AVA_VAN.5, ALC_FLR.3).

Certifications and approvals

CC to EAL4+

Included in the NIAPC

Frequently Asked Questions

Our Cross-Domain products and solutions.

What are PSTgateways secure gateways?

PSTgateways are hardware-based, application-level gateways (High Assurance Guards). They provide data flow filtering and physical separation of networks, enforcing a complete break of the TCP/IP protocol stack.

How do PSTgateways work?

They are based on two appliances, each of which acts as the communication endpoint in one domain. Their operation is transparent to the hosts they communicate with, and the existence of the other domain is hidden from the participants in the communication.

The gateway exchanges high-level elements (files, messages, etc.) that are extracted from the application level and transferred to the other domain after applying filtering mechanisms, content control and/or ‘strong’ authorisation of each element to be transferred.

Administration and monitoring are always done from the HIGH domain and preferably through a dedicated administration network.

What is PSTdiode hardware data diode?

PSTdiode products are hardware diodes based on two appliances with the corresponding part of the one-way communication hardware mounted in each of them. This device consists of a transmitting card (TX) and a receiving card (RX), connected by an optical fibre cable.
The system integrates with the existing infrastructure: there is no need to install proxies or additional dedicated servers.

How do PSTdiode diodes work?

The diode automatically transfers high-level elements (files or UDP payloads) that are extracted from the application layer and transferred to the other security domain.

Administration and monitoring are always done from the target domain and preferably via a dedicated management network.
