Oakdoor Data Diodes guarantee a one-way data flow via hardware, as opposed to firmware or software. This means that there is no way to reverse the one-way data flow without breaking the laws of physics.
By implementing key stages of the UK National Cyber Security Centre’s (NCSC) design patterns for Safely Importing Data and Safely Exporting Data, Oakdoor products are accredited for use in even the most secure environments.
The data diodes are the first to implement hardware-based syntax verification that allow structured data to enter, while ensuring that potentially malicious data will always be identified and handled in a safe way. By providing a protocol break at Layers 1-4, Oakdoor data diodes qualify as a protocol filtering device (PFD).
Oakdoor 1G Basic Diode has a minimum classification of OFFICIAL ACCSEC caveat and must be deployed in a suitably accredited environment. After Oakdoor 1G Basic Diode has been installed, the unit will take on and retain the same classification as the high domain with the ACCSEC caveat.
• The unit has been designed for enterprise deployments in secure server rooms which have stringent access control and audit procedures in place (at the level of the High domain network).
Security Incidents/Reporting Incidents
• Any suspected security incidents, such as unauthorised modification or tampering, should result in increased vigilance for the remaining parts of the system, and possibly special measures before it is used again.
• All incidents must be reported to the Custodian. CINRAS incidents must be reported in accordance with IS4.
Tampering
• If evidence of actual or suspected tampering or other compromise is found, all elements of the system (i.e. connected equipment) should be withdrawn from use while the incident is investigated.
• The incident should be reported and equipment returned to Oakdoor via CRYPTO channels for further analysis.
• Prior to resuming use of the product, the System Accreditor on behalf of the CISO must be sure that no part of the system has been compromised.
• The incident should be reported and equipment returned to PA Consulting via CRYPTO channels for further analysis.
Resuming use
• Prior to resuming use of the product, the System Accreditor on behalf of the CISO must be sure that no part of the system has been compromised.
Reuse
• Where the OAK DOOR Basic Diode devices are to be reused, the redeployment must be done so in a controlled manner and with knowledge of the previous deployment architecture (particularly the classification of the networks it was connected to). The unit should only be reused in networks that have the same, or higher, classification as the previous deployment.
Disposal and Destruction
Routine destruction of equipment
• Information on the destruction and disposal of equipment is given in IS5.
• The procedures must conform to the requirements of IS4 and accurate records of the destruction must be kept.
Disposal/destruction at overseas locations
• No additional special requirements are necessary at overseas locations for the Oakdoor 1G Basic Diode unit.