Many legacy systems can no longer receive regular security patches and system updates, for example when medical device regulations prohibit it or manufacturer support no longer exists. Such legacy systems pose a security risk: if they’re connected to other, well-patched critical equipment, everything could be susceptible to cyber-attack.
Data diodes provide simple and cost-efficient protection in this case. The diode’s hardware guarantees one-way traffic movement: data can only exit the system, without leaving a path open back into it. This means you can safely export files or data streams from a legacy system. In the other direction, you can lock down command and control traffic to highly controlled data flows by using the NCSC Safely Importing Data design pattern, blocking access by malware.
The example below shows segregation of a management network from an unpatched PC controlling a medical scanner.
Scan requests are checked to ensure they don’t contain malware and scan results are passed out to the management network.
Oakdoor™ products will ensure your files, data and networks remain secure from cyber threats.
One way layer-2.
BASIC FILE DIODE
One-way data flow with syntax verification
WHAT OUR CLIENTS SAY
“Consultants and clients, working together to combine different skills and knowledge, can deliver great results – quite literally, life-saving stuff.”
Group Captain Paul Ridge OBE, Manoeuvre support team leader, UK MOD