Data Diodes, Hackers Hate Them!
Welcome back, security enthusiasts, to yet another interesting topic about high-end cyber technologies.
Data diodes are becoming extremely important with the evolution of software-borne threats and vulnerabilities. With software and supply chain attacks rampant, the need for data diodes is greater than ever.
Data is a familiar word, but what is a DIODE?
Diode is a term taken from the language of electronics.
There is a component on our circuit boards called a DIODE which passes current only one way.
A diode ensures that current can only flow from one side of the diode to the other, and never the other way around.
This is a native capability and can NOT be changed, just like the TURNSTILES which only allow one-way passage.
So now we understand that a diode means a ONE-WAY channel!
Following from that, the term DATA diode refers to a component which can pass data or information from one side to the other and not the other way around.
Now that we are clear on what a data diode is in a nutshell, let's see why there was a need for a data diode at all.
In connected environments, there is always a need to securely connect critical facilities to outside systems for the sake of monitoring and visibility.
This in itself becomes a risk when doors to the outside world are open, and most of us know that the pathway to the cloud in particular is full of holes.
For the longest time, companies have been using SOFTWARE security solutions like FIREWALLS to make sure secret networks are safe from outside threats.
Firewall is a well-known term and a very well understood technology. Pretty much all of us have seen or used firewalls.
But when it comes to highly sensitive networks, firewall software security is not enough.
Firewalls run software which often has bugs, or sometimes they are wrongly configured. This in itself is a separate debate; we could talk at length about the maintenance aspects of a firewall.
The solution to this problem is to put something in place which is hardware in nature and has no chance of misconfiguration.
A data diode is the perfect answer to it. Data diodes are HARDWARE in nature and cannot be wrongly configured.
Bonus points: adding a data diode certifies the system to be at the highest standard (Security Level 4), which I will explain later. This also aligns well with Industry 4.0 initiatives.
We can categorize data diodes into three different categories. The first is the SOFTWARE data diode, where you have a program ensuring the data only flows one way.
The second category is the HARDWARE data diode, where you have hardware isolating the two sides, with no logic in it.
The third and most evolved category is the optical data diode, where you have no electricity and no power; it offers optical isolation natively.
All of them do the same job: send information one way.
Hackers hate data diodes because when they encounter a data diode in the network, they cannot get any response to their hacking attempts.
Imagine an attacker wants to attack a target and sends a scan: the only way the attacker can learn of the presence of the target is through the response.
So if there is no response, the attacker has no way to know what is on the other side.
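As an added illustration (not code from the original post), here is a toy SOFTWARE data diode of the kind described in the first category above, which also shows the "no response" property from the scanning paragraph. The two interfaces, the sample addresses and the packet contents are constructed stand-ins for real network sockets and hosts; the point is that the forwarding rule is a single line of code, so a software diode is only as trustworthy as that code, which is why the hardware and optical variants exist.

```python
"""Toy software data diode (added example, not from the original post).

Rule modelled: datagrams arriving on the protected INSIDE interface are
forwarded to OUTSIDE; anything arriving on OUTSIDE, including scans, is
dropped and never answered. Interfaces are in-memory queues (constructed
stand-ins for real sockets) so the example runs offline.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Optional

INSIDE = "inside"     # protected network side, e.g. a plant/OT network
OUTSIDE = "outside"   # monitoring / IT side


@dataclass
class Datagram:
    src: str            # constructed sample addresses, not real hosts
    dst: str
    payload: bytes
    arrived_on: str     # diode interface the packet arrived on


@dataclass
class SoftwareDiode:
    """Forwards only INSIDE -> OUTSIDE; everything else is dropped silently."""
    outbound: deque = field(default_factory=deque)   # queue leaving towards OUTSIDE
    log: list = field(default_factory=list)          # defender-side audit log

    def handle(self, pkt: Datagram) -> Optional[Datagram]:
        """Process one datagram and return the reply sent to its sender.

        The return value is always None: a diode gives the sender nothing,
        no ACK, no ICMP error, no RST, so a prober cannot tell a diode from
        an absent host.
        """
        if pkt.arrived_on == INSIDE:
            self.outbound.append(pkt)
            self.log.append(("forwarded", pkt.src, pkt.dst, len(pkt.payload)))
        else:
            # Inbound traffic on the outer face is dropped; it is logged
            # because any packet here means someone is probing the diode.
            self.log.append(("dropped_inbound", pkt.src, pkt.dst, len(pkt.payload)))
        return None


def verify_one_way(diode: SoftwareDiode) -> bool:
    """Defender's invariant check: nothing that entered on OUTSIDE may ever
    appear in the outbound queue or be forwarded."""
    queue_ok = all(p.arrived_on == INSIDE for p in diode.outbound)
    log_ok = all(not (ev == "forwarded" and src.startswith("198.51.100."))
                 for ev, src, _dst, _n in diode.log)
    return queue_ok and log_ok


def probe_from_outside(diode: SoftwareDiode, target: str) -> Optional[Datagram]:
    """The scan from the post: the attacker only learns about a target from
    a reply, and the diode never produces one."""
    probe = Datagram(src="198.51.100.7", dst=target, payload=b"SYN", arrived_on=OUTSIDE)
    return diode.handle(probe)


def run_demo() -> dict:
    """Push some constructed telemetry out and one probe in; report counts."""
    diode = SoftwareDiode()
    # Telemetry leaving the protected side (constructed historian readings).
    for reading in (b"pump1.temp=71.2", b"pump1.rpm=1450", b"tank3.level=0.82"):
        diode.handle(Datagram("10.0.0.5", "192.0.2.10", reading, INSIDE))
    reply = probe_from_outside(diode, "10.0.0.5")
    return {
        "forwarded": sum(1 for ev, *_ in diode.log if ev == "forwarded"),
        "dropped_inbound": sum(1 for ev, *_ in diode.log if ev == "dropped_inbound"),
        "probe_reply": reply,
        "one_way_invariant_holds": verify_one_way(diode),
    }


if __name__ == "__main__":
    print(run_demo())
```

The `verify_one_way` check is the kind of thing a defender can run against a software diode's logs or queues; for a hardware or optical diode the same property is enforced physically and needs no such check. Note that because nothing ever comes back, request/response protocols cannot cross the diode, which is why monitoring data is typically pushed across as one-way streams.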
CEO of Bohemia Market CZ and the architect of the “Beyond Purdue” approach to ICS resilience. Over 25 years of hands-on experience with ICS/OT Systems, and secure data transfer systems in critical infrastructure
If data diodes are implemented correctly, they drastically improve cybersecurity. @Ahmed Al Saleh is right; however, there are thousands of systems which have no point to upgrade at all. And it is not cyber security as cyber security - we have many articles on it, and recently I created a newsletter addressing exactly that issue: https://www.linkedin.com/newsletters/beyond-purdue-7315971708727808000/
Security Delivery Team Lead-CISM | IT SOC Operations | OT Security | ECIH | ECSA | SC-200| AZ-D4IoT (CYBERX) | Nozomi | Claroty | EDR | Checkpoint FW
How is it helpful in real-time defense, as it prevents defenders from probing from a central SOC? If it is one-way communication, I think it will limit the ability to detect and investigate threats.
Deployment Engineer @ SPAN Group | Lifetime experience in Electronics as a hobby | Robotics | Automation | RMS | MHE's | AGV's | UAV | Drones | C/C++| RTOS | Python | ML | AI | IoT | R&D, Embedded Sys, Debugging, Testing
If communication is only one-way, how is it possible to use the Internet? How will we receive emails and files from all over the Internet? And what if someone shares a link that runs a Python script with all the necessary things required by the hacker? In that case, how does a data diode help?
Safeguarding Critical Infrastructures | Cybersecurity | OT/ICS | Digital Transformation | Innovation | Speaker
One main drawback of the data diode is that it often gives a false sense of security to system owners, which leads to neglecting other cybersecurity controls because "we have a data diode and no outsider can hack us!" Thanks for sharing, IQBAL K. Khalid.