This type of device interconnects networks by breaking the continuity of the
communication protocols, forcing the information flow to be in one direction
only.
An example of a one-way device would be the interconnection of two networks
by means of a diode based on unidirectional communications. Access to
information on the Internet would be the most obvious example of a
one-direction information flow that could involve the use of this type of
device.
[CCN-STIC-302:2012]
A data diode is a "one-way" data communication device, often consisting of a
physical-layer unidirectional limitation. Using only 1/2 of a fiber optic
"transmit/receive" pair would enforce unidirectional communication at
the physical layer, while proper configuration of a network firewall could
logically enforce unidirectional communication at the network layer.
[knapp:2014]
A network
gateway device that only allows communication in one direction, such as a Data
Diode. [knapp:2014]
A unidirectional
network (also referred to as a unidirectional security gateway or data diode)
is a network appliance or device allowing data to travel only in one direction,
used in guaranteeing information security. They are most commonly found in high
security environments such as defense, where they serve as connections between
two or more networks of differing security classifications. This technology can
now be found at the Industrial Control level for such facilities as nuclear power
plants, and electric power generation.
http://en.wikipedia.org/wiki/Unidirectional_network
Data Diode
security products offer one-way communications, allowing secure transfers from
a "low security" network to a "high security" network
without allowing a path for information to travel back. The most common form of
a data diode (unidirectional network) is a simple modified fiber optic cable,
with send and receive transceivers removed for one direction. Most commercial
products add other software functionality.
The benefit of
this type of network connection is it allows networks with sensitive
information stored to have access to the Internet as well. There are some
drawbacks to this design, unless the vendor builds in software to overcome the
drawbacks. TCP/IP communications that require acknowledgements can't flow
successfully over a purely hardware data diode, and there is no way for the
"low" network to ensure a successful data transfer occurred. Also,
this does not prevent viruses or other malicious programs from travelling to
the "high" network through the connection.
These products
tend to focus on the defense and infrastructure environments where security is
critical.
http://www.securitywizardry.com/index.php/products/boundary-guard/data-diodes.html
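The last definition notes that acknowledgement-based TCP/IP cannot cross a purely hardware diode and that the sending side cannot confirm delivery. The sketch below is an added example, not code from any of the cited sources or products: it shows one way software around a diode can compensate, with the sender duplicating numbered, checksummed frames and the receiver detecting loss or corruption locally. The names `frame` and `receive`, the header layout and the duplication scheme are assumptions made for illustration.

```python
import hashlib, struct, zlib

HDR = struct.Struct("!IIHI")  # assumed header: seq, total, payload length, CRC32

def frame(data: bytes, chunk: int = 8, copies: int = 2):
    """Sender side: split data into numbered, checksummed frames, each sent
    `copies` times. The final frame (seq == total) carries the SHA-256 digest."""
    parts = [data[i:i + chunk] for i in range(0, len(data), chunk)]
    parts.append(hashlib.sha256(data).digest())      # manifest frame
    total = len(parts) - 1
    for seq, p in enumerate(parts):
        pkt = HDR.pack(seq, total, len(p), zlib.crc32(p)) + p
        for _ in range(copies):                      # redundancy replaces retransmission
            yield pkt

def receive(packets):
    """Receiver side: no reply can be sent, so everything is validated locally.
    Returns (data, None) on success or (None, reason) on a detected failure."""
    got, total = {}, None
    for pkt in packets:
        if len(pkt) < HDR.size:
            continue                                 # truncated frame
        seq, tot, n, crc = HDR.unpack_from(pkt)
        body = pkt[HDR.size:HDR.size + n]
        if len(body) != n or zlib.crc32(body) != crc:
            continue                                 # damaged copy: rely on its duplicate
        total = tot
        got.setdefault(seq, body)
    if total is None:
        return None, "nothing received"
    missing = [s for s in range(total + 1) if s not in got]
    if missing:
        return None, f"missing frames {missing}"     # loss is visible only on this side
    data = b"".join(got[s] for s in range(total))
    if hashlib.sha256(data).digest() != got[total]:
        return None, "digest mismatch"
    return data, None
```

A successful result only shows the bytes arrived intact; as the definition above points out, it says nothing about whether the content is malicious, so content inspection on the receiving side is still needed.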
Related topics