While importing structured data safely into a trusted network is straightforward using the Oakdoor™ Import Diode, unstructured data, such as .exe files, software programs and system updates, is more difficult to verify.
Importing and verifying unstructured data is a five-step process:
- The unstructured data enters the Oakdoor™ Import Data Diode and is wrapped to disable program execution. The file is stored inside the segregated network.
- A copy is sent through the Oakdoor™ Basic Diode into a safe environment, such as a sandbox VM, to check for viruses or other malware.
- The data is unwrapped in the safe environment and checked for any known viruses.
- The result of the virus scan is sent through a second Oakdoor™ Import Data Diode into the segregated network, where the original file is kept on hold.
- If no virus or malware is found, the file is released from the storage system, unwrapped inside the segregated network and ready for use. If a virus is found, the stored files are quarantined.
The Oakdoor™ Import Data Diode allows data to flow only one way, meaning data can enter but not leave a segregated network. The diode’s hardware also inspects the syntax of the imported data using unchangeable rules.
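The hold-and-release logic of the five steps above can be sketched in software. This is an added example, not Oakdoor code: the wrapper format (`WRAPPED-V1` header plus base64), the verdict syntax and the names `HoldStore`, `wrap` and `apply_verdict` are all assumptions made for illustration.

```python
import base64
import hashlib
import re

# Assumed verdict syntax (not Oakdoor's): "<sha256 hex> CLEAN|INFECTED", nothing else.
VERDICT_RE = re.compile(r"([0-9a-f]{64}) (CLEAN|INFECTED)")
WRAP_HEADER = b"WRAPPED-V1\n"  # hypothetical wrapper marker

def wrap(raw: bytes) -> bytes:
    """Encode the file so no loader recognises it as an executable."""
    return WRAP_HEADER + base64.b64encode(raw)

def unwrap(wrapped: bytes) -> bytes:
    if not wrapped.startswith(WRAP_HEADER):
        raise ValueError("not a wrapped file")
    return base64.b64decode(wrapped[len(WRAP_HEADER):], validate=True)

class HoldStore:
    """Keeps wrapped files on hold in the segregated network until a verdict arrives."""
    def __init__(self):
        self.held, self.quarantined = {}, {}

    def ingest(self, raw: bytes) -> str:
        """Steps 1-2: wrap and hold; the digest identifies the copy sent for scanning."""
        digest = hashlib.sha256(raw).hexdigest()
        self.held[digest] = wrap(raw)
        return digest

    def apply_verdict(self, message: str):
        """Steps 4-5: act only on a well-formed verdict for a file that is on hold."""
        m = VERDICT_RE.fullmatch(message)
        if m is None:
            return None  # malformed verdict is dropped; the file stays on hold
        digest, result = m.groups()
        wrapped = self.held.pop(digest, None)
        if wrapped is None:
            return None  # verdict names a file we never held
        if result != "CLEAN":
            self.quarantined[digest] = wrapped  # quarantined copy stays wrapped
            return None
        raw = unwrap(wrapped)
        if hashlib.sha256(raw).hexdigest() != digest:
            self.quarantined[digest] = wrapped  # held copy no longer matches
            return None
        return raw  # released and unwrapped for use

if __name__ == "__main__":
    store = HoldStore()  # the sample bytes below are constructed, not a real program
    print(store.apply_verdict(store.ingest(b"MZ constructed sample") + " CLEAN"))
```

The file is released only when a syntactically valid verdict, a clean result and a matching digest all line up; every other path leaves it held or quarantined in wrapped form.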
Typical types of unstructured data: .exe files, system or software updates and patches.
The diagram below demonstrates the above workflow for handling and verifying unstructured data. Only if the data passes all inspections, both hardware-based (syntax) and software-based (content/semantics), can it be released for use inside the clean network.
Oakdoor™ products will ensure your files, data and networks remain secure from cyber threats.
One-way data flow with syntax verification
WHAT OUR CLIENTS SAY
“Consultants and clients, working together to combine different skills and knowledge, can deliver great results – quite literally, life-saving stuff.”
Group Captain Paul Ridge OBE, Manoeuvre support team leader, UK MOD