SureSentry™ Data Diode*

The Sunhillo SureSentry™ Data Diode is designed to protect the integrity of a network that sources data to a separate network by strictly enforcing a one-way-only data flow. SureSentry accomplishes this by implementing a 100% hardware-enforced security protocol that cannot be disabled or bypassed.  SureSentry can connect multiple networks with different security postures which is a critical element in data sharing.

SureSentry is currently undergoing certification for Common Criteria EAL2+ and FIPS 140-3 which ensure reliability and security.

Details:

Within radar surveillance data networks, it is often necessary to provide radar data from a protected network to a network with a different security posture. To fulfill this requirement without jeopardizing the safety and integrity of the secure network assets from the threats of inbound cyber-attacks, it is necessary to prevent data and control communication from the Unsecure side of the network from reaching the Secure side. SureSentry accomplishes this by implementing a 100% hardware-enforced security protocol that cannot be disabled or bypassed by any software means.  Since radar networks aren’t the only type of data that needs to be protected the SureSentry is an ideal solution for other industries such as banking, Power & Utilities, Industrial networks and more.

SureSentry provides a web-enabled user interface that provides a simple configuration clearly delineating the known, protected network on left from the consumer network on the right. Configuration is enabled by defining “data circuits” which can be individually addressed to support IP data traffic. Because SureSentry supports an isolated network stack on the outbound side, it is capable of handling UDP (unicast, multicast, broadcast) and TCP connections.

Features:

Gigabit Ethernet port to Secure network.  The SureSentry receives IP data from the secure network for forwarding to the unsecured network.  The secure network communicates with a fully compliant IP proxy that in turn forwards one-way UDP packets to the Unsecure side of the SureSentry.  With no logical or electrical receive path on the data diode Secure side UDP interface, malicious packets can’t make their way to the secure network.

Dual Gigabit Ethernet ports to Unsecured network. SureSentry can forward IP data from the secure network to the public unsecured network(s).  In a mirror configuration of the Secure side, the unsecured network communicates with a fully compliant IP proxy that receives one-way UDP packets from the secure side of the SureSentry. There is no logical or electrical transmit path on the unsecure side UDP interface, so malicious packets can’t make their way to the secure network.

Hardware:

Sunhillo’s SureSentry Data Diode features a compact 1U enclosure based on the FAA deployed Sunhillo RICI and Margate II ADS-B Receiver. A 1U, rack mountable, sleeve is available for rack mount applications housing one or two SureSentry Data Diodes.

The front panel provides dual RJ45 Ethernet ports. These connections support Category 5e 10/100/1000 Ethernet cables, which provides an interface to a LAN’s switch, router, or hub. In most applications, the data diode Unsecure side LAN connections are to the public LAN(s).

The SureSentry Secure side Ethernet port connection is located in the center of the rear panel. This connection supports a Category 5e 10/100/1000 Ethernet cable, which provides an interface to a LAN’s switch, router, or hub. In most applications, the SureSentry’s Secure side LAN connection is to the user’s secure LAN.