Can anyone recommend a data diode that is cost-effective, or would we be better off with a 2-port firewall (if they exist)?
Looking to try and get data from an OT system to an IT system.
Wikipedia link
https://en.wikipedia.org/wiki/Unidirectional_network
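The point of the unidirectional network described in that link is that nothing can travel from the IT side back to the OT side, so the receiver can never acknowledge, request a retransmit, or even complete a TCP handshake. The following is an added example (mine, not code from the Wikipedia article, from any diode vendor, or from anyone in this thread) of what that forces on the application layer: the OT side frames each record with a sequence number and a CRC and fires it over UDP, and the IT side verifies each frame and counts gaps without ever replying. The frame layout, the `DIOD` magic value, the CRC32 trailer and the sample tag records are assumptions made for illustration only.

```python
"""One-way (data-diode style) transfer framing with loss detection.

Added example, not vendor or project code. Assumes a hardware diode that
forwards UDP datagrams from OT to IT and nothing in the other direction,
so the receiver can only verify frames and report gaps, never recover them.
"""
import socket
import struct
import zlib

MAGIC = b"DIOD"                  # assumed frame marker, not a real standard
HEADER = struct.Struct("!4sIH")  # magic, 32-bit sequence number, payload length
TRAILER = struct.Struct("!I")    # CRC32 over header + payload
SEQ_MOD = 1 << 32


def build_frame(seq, payload):
    """Frame one record for fire-and-forget transmission."""
    if len(payload) > 0xFFFF:
        raise ValueError("payload too large for one datagram")
    head = HEADER.pack(MAGIC, seq % SEQ_MOD, len(payload))
    crc = zlib.crc32(head + payload) & 0xFFFFFFFF
    return head + payload + TRAILER.pack(crc)


def parse_frame(frame):
    """Return (seq, payload), or raise ValueError if the frame is damaged."""
    if len(frame) < HEADER.size + TRAILER.size:
        raise ValueError("short frame")
    magic, seq, length = HEADER.unpack_from(frame, 0)
    if magic != MAGIC:
        raise ValueError("bad magic")
    body_end = HEADER.size + length
    if len(frame) != body_end + TRAILER.size:
        raise ValueError("length mismatch")
    (crc,) = TRAILER.unpack_from(frame, body_end)
    if zlib.crc32(frame[:body_end]) & 0xFFFFFFFF != crc:
        raise ValueError("crc mismatch")
    return seq, frame[HEADER.size:body_end]


class OneWayReceiver:
    """IT-side receiver: tracks sequence numbers so loss is visible, not silent."""

    def __init__(self):
        self.expected = None   # next sequence number we expect to see
        self.records = []      # payloads accepted, in arrival order
        self.lost = 0          # frames that never arrived (cannot be re-requested)
        self.corrupt = 0       # frames that failed the CRC or length checks
        self.stale = 0         # duplicates / reordered frames behind the cursor

    def feed(self, frame):
        try:
            seq, payload = parse_frame(frame)
        except ValueError:
            self.corrupt += 1  # its sequence number will later show up as a gap
            return
        if self.expected is not None:
            diff = (seq - self.expected) % SEQ_MOD
            if diff >= SEQ_MOD // 2:  # behind the cursor: duplicate or reordered
                self.stale += 1
                return
            self.lost += diff          # frames skipped between expected and seq
        self.expected = (seq + 1) % SEQ_MOD
        self.records.append(payload)


def simulate(records, drop=(), corrupt=()):
    """Push records through an in-memory 'diode' that drops or damages some frames."""
    rx = OneWayReceiver()
    for seq, rec in enumerate(records):
        frame = build_frame(seq, rec)
        if seq in drop:
            continue                       # diode/UDP lost it; nobody can ask again
        if seq in corrupt:
            i = HEADER.size                # flip the first payload byte
            frame = frame[:i] + bytes([frame[i] ^ 0xFF]) + frame[i + 1:]
        rx.feed(frame)
    return rx


def send_frames(records, host, port):
    """Real OT-side sender: sends datagrams and never reads the socket."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for seq, rec in enumerate(records):
            s.sendto(build_frame(seq, rec), (host, port))


if __name__ == "__main__":
    # Constructed sample records, not real historian data.
    sample = [b"tag1=10.5", b"tag2=OK", b"tag3=ALARM", b"tag4=7"]
    rx = simulate(sample, drop={1}, corrupt={2})
    print("received:", rx.records, "lost:", rx.lost, "corrupt:", rx.corrupt)
```

The receiver's `lost` and `corrupt` counters are the part worth wiring into monitoring: on a real diode a gap is the only evidence you will ever get that a record is missing, so the historian or alarm database on the IT side has to tolerate holes and flag them rather than assume a continuous stream. A 2-port firewall that allows TCP would give you retransmits, but it also gives the IT side a return path into the control network, which is exactly what the diode removes.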
My limited understanding of what our IT guys call a data diode ... involves a device in the Secure (Control) domain, one in the DMZ, and one in the Unsecure (Admin) domain. The 'secure' server 'knows' who it is talking to on the less secure side and checks once in a while (every second? every 100 ms?) whether there is pending communication. The unsecure side then responds. So it is IP traffic, but S-L-O-W-E-R, as the unsecure side waits for communication from the secure side before RESPONDING.
2 hops: from control -> DMZ, and DMZ -> admin, before going to whatever database is storing the reporting/alarming/historical data. I believe that there is also some encryption ... that's a bit out of my depth.
The less secure side cannot initiate communication. Apparently that removes a large number of attack vectors? The encryption is supposed to prevent an attacker with IP address and port knowledge from impersonating the applicable servers and using some sort of buffer overflow attack.
I think this is layer 3 stuff (7-layer network model). The layer 2 stuff (ARP et al.) ... maybe acts normally? Not sure. Again, out of my depth!
We use a Cisco firewall, like everyone else ... with the DMZ, port monitoring and blocking, etc
The vendor that 'consumes' the data should be able to recommend a data diode that works with their data collection software. Your part should be making sure that it won't break anything on your side.