Secure one-way street
Onewayer is an IT protection tool, which offers a strictly single-way data communication from a lower to a higher security level IT environment. The Onewayer maintains the physical separation of the higher security level environment and, at the same time, can satisfy the information demand of the higher security level IT environment in real time, in a controlled way without the need to apply any resources. Its usage is strongly advised in cases where the members of an organization are to send information frequently into a high security internal IT environment from an external source of low or unknown security level. The use of the system ensures the information transmission into the internal environment so that it physically prevents any data theft or leakage on the established connection.. Onewayer is the secure, one-way street of IT data transmission.
OneWayer has been evaluated and certified at high security level according to MIBÉTS methodology (complying with CC EAL4)"
Certificate
The system consists of the following units:
- Onewayer one-way data transmission tool
- Low Security Level Server (LSLS)
- High Security Level Server (HSLS)
The system copies the selected directories from LSLS side to HSLS side.
Functionality
The information stored on LSLS module of Onewayer is streamed to Onewayer which receives and „one-ways” it for the HSLS module. The transmitted file system or directory will be restored from the stream by HSLS module.
Usability
Standard interfaces support the communication of the system. GUI helps the user at LSLS side to select files to be transmitted and to compose the stream. The opto-electronic coupler installed in Onewayer transmits the received dataflow. GUI helps the user at HSLS side as well to manage the received files and arrange them into directories.
Reliability
The opto-electronic coupler provides the galvanic separation of the LSLS and HSLS side by its nature . The system excludes the illegal electromagnetic data leakage by its design. Hardware based network noise filter is installed at network connection. The HW units of the system are tamper-protected. In case of opening a unit it will become temporarily disabled and can be activated by the system administrator only. Error correcting code is used during the file transmission. The transmitted information remain stored on both the sender and receiver servers until pre-determined time only. After the expiration of the storage time the files are deleted automatically. In case of irreparable errors the receiver side may send notification to the sender one on external channels (e.g. e-mail). In order to guarantee the hardware, software, physical security of the system a Wathcdog service is operated.
Performance
The system handles gigabit level traffic. The size and amount of the files practically have no effect on the performance.
Supportability
The system supports setting up several user levels (administrator, user and auditor) by an authorization management function. The servers can be managed by local console and/or remote access (SSH). The application can be configured via web based management GUI. The system logs its activity and stores it in a local database or a syslog server.
