SureSentry™ Data Diode*
Secure Data Distribution
- Hardware enforced one-way data flow
- Auto-switching Gigabit Ethernet ports
- Administer over HTTPS
- Common Criteria EAL2+ and FIPS 140-3 Certified (*Certification date Q4 2024)
The Sunhillo SureSentry™ Data Diode is designed to protect the integrity of a network that sources data to a separate network by strictly enforcing a one-way-only data flow. SureSentry accomplishes this by implementing a 100% hardware-enforced security protocol that cannot be disabled or bypassed. SureSentry can connect multiple networks with different security postures which is a critical element in data sharing.
SureSentry is currently undergoing certification for Common Criteria EAL2+ and FIPS 140-3 which ensure reliability and security.
Details:
Within radar surveillance data networks, it is often necessary to provide radar data from a protected network to a network with a different security posture. To fulfill this requirement without jeopardizing the safety and integrity of the secure network assets from the threats of inbound cyber-attacks, it is necessary to prevent data and control communication from the Unsecure side of the network from reaching the Secure side. SureSentry accomplishes this by implementing a 100% hardware-enforced security protocol that cannot be disabled or bypassed by any software means. Since radar networks aren’t the only type of data that needs to be protected the SureSentry is an ideal solution for other industries such as banking, Power & Utilities, Industrial networks and more.
SureSentry provides a web-enabled user interface that provides a simple configuration clearly delineating the known, protected network on left from the consumer network on the right. Configuration is enabled by defining “data circuits” which can be individually addressed to support IP data traffic. Because SureSentry supports an isolated network stack on the outbound side, it is capable of handling UDP (unicast, multicast, broadcast) and TCP connections.
Features:
Gigabit Ethernet port to Secure network. The SureSentry receives IP data from the secure network for forwarding to the unsecured network. The secure network communicates with a fully compliant IP proxy that in turn forwards one-way UDP packets to the Unsecure side of the SureSentry. With no logical or electrical receive path on the data diode Secure side UDP interface, malicious packets can’t make their way to the secure network.
Dual Gigabit Ethernet ports to Unsecured network. SureSentry can forward IP data from the secure network to the public unsecured network(s). In a mirror configuration of the Secure side, the unsecured network communicates with a fully compliant IP proxy that receives one-way UDP packets from the secure side of the SureSentry. There is no logical or electrical transmit path on the unsecure side UDP interface, so malicious packets can’t make their way to the secure network.
Hardware:
Sunhillo’s SureSentry Data Diode features a compact 1U enclosure based on the FAA deployed Sunhillo RICI and Margate II ADS-B Receiver. A 1U, rack mountable, sleeve is available for rack mount applications housing one or two SureSentry Data Diodes.
The front panel provides dual RJ45 Ethernet ports. These connections support Category 5e 10/100/1000 Ethernet cables, which provides an interface to a LAN’s switch, router, or hub. In most applications, the data diode Unsecure side LAN connections are to the public LAN(s).
The SureSentry Secure side Ethernet port connection is located in the center of the rear panel. This connection supports a Category 5e 10/100/1000 Ethernet cable, which provides an interface to a LAN’s switch, router, or hub. In most applications, the SureSentry’s Secure side LAN connection is to the user’s secure LAN.
Protect the Integrity of your Secure Network
Data Diode Architecture
Applications
- Connecting multiple networks with different security classifications
- FAA/DOD secure networks
- Industrial secure networks
- Forwarding data to a public network
Deployments
Related Products
Sunhillo Solutions
Providing surveillance data distribution and conversion solutions to the FAA, DOD, and civil aviation authorities worldwide since 1991