PSTgateways
A family of application-level gateways that allow controlled data transfer in both directions independently (bidirectional scenarios), forcing a unidirectional connection and guaranteeing that no traffic can pass between the two networks other than that transferred by the system itself.
Overview
PSTgateways is a family of boundary protection devices which allow controlled data transfer between security domains. PSTgateways products based on this technology share a common architecture and differ in the supported data flows, called ‘services’.
Its layout, software and security features support the main goal of preserving the security properties of the HIGH security domain while allowing controlled data transfer in both directions independently (bidirectional scenarios). The impossibility of any type of traffic between the two networks, apart from the data transferred by the system itself, is guaranteed.
True network separation
The PSTgateways architecture provides true network separation. Its key points are a two-host layout and enforcement of a complete TCP/IP protocol break. Both appliances act as protocol endpoints and communicate using standard protocols with nodes on each domain.
Application level gateways
Data elements of the application layer (files, email messages, etc.) are extracted and automatically transferred to the other domain. Protocol headers of all stack layers are discarded and new packets are created on the other network for sending the extracted data.
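The protocol break described above can be sketched on loopback as follows. This is an added example, not the vendor's code: the function names, the in-memory queue standing in for the link between the two hosts, and the SHA-256 check on the transferred element are all assumptions made for illustration.

```python
import hashlib, queue, socket, threading

def recv_all(conn):
    """Read until the peer closes; this TCP session ends at this host."""
    chunks = []
    while chunk := conn.recv(65536):
        chunks.append(chunk)
    return b"".join(chunks)

def low_endpoint(listener, link):
    """LOW-side host (hypothetical): terminate TCP, keep only the data."""
    conn, _peer = listener.accept()
    with conn:
        data = recv_all(conn)
    # Only the data element and its digest cross the link, never packets.
    link.put({"sha256": hashlib.sha256(data).hexdigest(), "data": data})

def high_endpoint(link, dest):
    """HIGH-side host (hypothetical): verify, then open a new session."""
    element = link.get(timeout=5)
    if hashlib.sha256(element["data"]).hexdigest() != element["sha256"]:
        raise ValueError("data element corrupted on the link")
    with socket.create_connection(dest, timeout=5) as out:
        out.sendall(element["data"])
        return out.getsockname()[1]  # source port of the new session

def transfer(payload):
    """One LOW-to-HIGH transfer on loopback; returns what each node saw."""
    server = socket.create_server(("127.0.0.1", 0))    # destination node
    listener = socket.create_server(("127.0.0.1", 0))  # gateway, LOW side
    link, seen = queue.Queue(), {}  # queue stands in for the inter-host link
    def destination():
        conn, peer = server.accept()
        with conn:
            seen["data"], seen["peer_port"] = recv_all(conn), peer[1]
    workers = [threading.Thread(target=destination, daemon=True),
               threading.Thread(target=low_endpoint, args=(listener, link),
                                daemon=True)]
    for w in workers:
        w.start()
    with socket.create_connection(listener.getsockname(), timeout=5) as client:
        seen["client_port"] = client.getsockname()[1]
        client.sendall(payload)
    seen["gateway_port"] = high_endpoint(link, server.getsockname())
    for w in workers:
        w.join(timeout=5)
    server.close()
    listener.close()
    return seen
```

Calling `transfer()` with a constructed payload shows that the destination's peer is the gateway's new session, while the sender's own connection ended at the LOW-side endpoint.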
Ease of deployment and use
PSTgateways devices are composed of two 19” appliances with all the necessary software installed (firmware).
Each appliance is deployed on one security domain and communicates with the other through a passive device. From the security point of view the solution is asymmetrical; it is administered exclusively from the HIGH security domain. Two additional software components are included, one for the remote administration of the system (PSTadm) and another for transferred data logging (PSTaud). These are installed on general-purpose computers.
Feature Overview
Topology
Deployment
Administration
Administration roles
• Root Administrator
• Security Administrator
• Services Administrator
• Monitoring Administrator
Status and error notifications
Transferred data logging
Automatic time synchronization
High availability (optional)
Maximal bandwidth
Security
Topology
Application layer endpoint on both sides
Boundary network protection
Administrative communications
Transferred data logging
Appliance software integrity
Solutions
COTS Products
- PSTmail: E-mail exchange between two security domains.
- PSTfile: Automatically transfers files between servers on different security domains.
- PSTupd: UDP payload transfers.
Solutions for specific environments
- PSTmip: MIP4 Command & Control Systems.
- PSTcsd: JISR Information Exchange (MAJIIC).
- PSTjreap: Tactical Data Link via JREAP-C.
- PSTatx: ASTERIX Surveillance Information.
Customizations
- Customisation of data exchange control via Web Services.
- Development of custom filters for any data flow service.
- Extension to support new communication protocols.