Your network is detached from the internet and from any other network for that matter, yet, you need communication with the outside world for uses such as email download, file download from business partners, virus signature file download, patches download etc.You are aware that connecting to the internet is forbidden; so, in order to download all the data, you need you just burn files and pass them on from one computer to the other, manually. Okay, now what? How will your network users receive email to the detached network in an interval that allows proper use (and nor 2/3 times a day)? How do you collect all the files needed for the business side and for the tech side and pass them on to the LAN with a reasonable enough mechanism? How do you do all that without spending precious time, keeping the process automatically working and still safeguarding the LAN 100% from data leakage and online attacks?This case study examines how a company, subjected to total LAN detachment, can maintain reasonable services and 100% security.
SCENARIO 1 - Secret Network Receiving Emails
Receiving 50,000 emails per day from the internet and passing them on to the detached LAN, while maintaining 100% security from any network connection.
Solution before VADO
A person from the HD is in charge of downloading 3 times a day, email files from the external mail relay server. These files are then burned to a CD and passed on manually to a content filtering machine. Once the CF machine is done, the files are burned again to a second CD. This CD is set in the Internal mail relay server and files are manually uploaded as email for users in the internal mail server to read.
The VADO optical one-way system is capable of passing files from one network to the other with no way send packets the other way around. The system downloads the files from the external mail relay server every 5 minutes. These files are then passed on automatically to a content filtering machine. Once the CF machine is done, the files are passed to the Internal mail relay server and files are automatically uploaded as email for users in the internal mail server to read. The system is 100% automatic. No bit can go outside the secured LAN in any case.
SCENARIO 2 - Critical Infrastructure Stream Data Publishing
Connecting a secured critical infrastructure network to the internet while maintaining 100% security and avoiding any possibility to enter the LAN from the world/Internet.
Solution before VADO
Since all network connections are 2 way, and no such connection is allowed in this case, a controller how needs to receive system status, is obliged to contact a controller on site and receive the data from hearsay.
The VADO optical one-way system is capable of passing stream data from a secured network to a non-secured network (such as the internet) without putting the LAN at risk from an outside online attack. All needed information is streamed onto the internet allowing the controller to view the actual data for himself. no attacker can go into the LAN since the connection is one way at an optical level, hence, no logical attack can change the stream direction.