Owl Computing delivers secure cross-domain solutions. DualDiode Technology is the Owl data diode component for secure file, TCP/IP, UDP, streaming video, and syslog message information transfer. Secure, reliable, fast data diode transfer of all data types and protocol formats.

 
Frequently Asked Questions




How It Works

1. What do Owl products do?

2. How do Owl products work?

3. What is a data diode?

4. What is Owl DualDiode® technology?

5. How does Owl secure information transfer operating systems?

6. What does an Owl system do?

7. Is the Owl system a firewall?

8. What types of error-checking are used in Owl systems?

9. How fast will data flow through an Owl system?

10. How does Owl manage log files?

11. Can we run multiple Owl Applications on the same machine(s)?


What do Owl products do?
Owl Computing products enable the secure, hardware-enforced, one-way-only transfer of data between network domains of different security levels and policies. Owl solutions ensure the isolation of both networks, while facilitating the delivery of mission-critical, and time-critical, information.


How do Owl products work?
Our core products are combinations of Owl-designed communication card hardware and drivers, and internally developed software applications. Communication cards are mounted in Send-only (Blue) and Receive-only (Red) server platforms, connected via fiber-optic or copper cabling. Owl software, specific to the kind(s) of data to be transferred, is installed in both platforms. The Blue Owl application converts the data to Owl proprietary format, segments it into ATM cells, and sends it to the Red machine. The Red Owl application restores the information to its original format, for distribution to selected destinations.


What is a data diode?
A data diode is an inter-network connection that permits information to travel in one direction only. It is most commonly deployed between two or more networks of different security classifications.


What is Owl DualDiode® technology?
The Owl DualDiode data diode design is a multi-layered approach for the transparent and secure transfer of user applications (files, TCP/IP traffic, streaming video, syslog messages, data historians, SCADA, etc.), across a wide range of computer operating systems. DualDiode solutions enable hardware-enforced, one-way information transfer between discrete network domains, to ensure communications capability and absolute assurance against data leakage -- at link speeds ranging from 2Mbps to 10Gbps. Custom-designed Send-only & Receive-only Communication Cards are matched with proxy/adapter Owl software applications to “condition” specific user data types to the Owl protocol break for transfer.


How does Owl secure information transfer operating systems?
Owl uses DISA Security Technical Implementation Guides (STIGs) and the processes of Certifiable Linux Integration Platform (CLIP) & Owl Security Enhanced Linux (OSELinux) to secure and constrain an OS to explicitly determined functionality and interaction with resident Owl software applications. This OS and application "hardening" may extend to the implementation of mandatory and/or role-based access controls, with customized menus explicitly defining what actions individual privileged users can take.


What does an Owl system do?
Owl systems pass data from one computer to another, and/or from one network to another, in one direction only. Data flows forward without impediment at high throughput rates. Data does not flow at all in the reverse direction. Data transfer may be low-to-high or high-to-low security. Some deployments may require both uni-directional paths, physically and logically separated but intrinsic to a higher application use.


Is the Owl system a firewall?
No. An Owl system functions like a gateway, but with an important difference: data flows in one direction only, and paths are preconfigured. Because security is enforced in hardware, there is no possibility of security breach through software attack. Owl drivers have been developed internally and are not dependent on the TCP/IP communication stack of hosts on which they reside. An Owl data diode solution is a "non-routable" protocol break between the two networks it connects one-way. Owl systems cannot be "hacked."


What types of error-checking are used in Owl systems?
Data is verified at multiple levels. Error-checking is performed in hardware in accordance with ATM AAL5 protocol. At a higher level, advanced hash algorithms are used to validate integrity of IP packets assembled from ATM cells. Packet sequences are also verified. Finally, the packets are merged into higher level data structures that are also verified using advanced hash algorithms.


How fast will data flow through an Owl system?
Owl Communication Cards are designed to meet individual client capacity needs. Link speeds range from 1Mbps to 2.488Gbps, with a 10Gbps product to be available in early 2012.

For an example of throughput, link speed for Owl 2500 Communication Cards is 2.488 Gigabits/sec. When configured for clear-channel, an Owl 2500 pair transfers up to 270 MegaBytes/sec of content. When configured as channelized, a 2500 pair will support up to 8 virtual connections over a single physical link, each connection configurable to meet individual application needs.


How does Owl manage log files?
Owl provides log file capability on Send-only and Receive-only servers. The level of detail of information that is stored in these log files is controlled by an argument in the startup scripts. All software applications support the Owl log file-management system, and the maintenance of historical information such as data archiving, aging, etc.

Log files may be viewed locally or remotely by Owl Performance Management Service (OPMS), on which real-time logs are replicated and displayed graphically via a Web interface. Alternatively, Owl Log Forwarding Service (OLFS) delivers log information as a datagram stream to a third-party enterprise network manager, or as static files for admin analysis.


Can we run multiple Owl Applications on the same machine(s)?
Yes. Owl SNTS supports concurrent UDP, TCP, and file transfer; a single Communication Card set enables the hardware transfers. With channelized Owl 2500 cards, for specific user needs, multiple Owl applications may be run on individual machines, with one card set.





Certifications, Patents & Accreditation

1. What Data Diode Patent does Owl exclusively License from Sandia?

2. What other Patents has Owl been granted?

3. Are Owl products certified and accreditable?

4. I have been directed to review the UCDMO Baseline Configurations against my requirements. How do Owl solutions fit into the currently listed Baseline solutions?


5. Are Owl systems reliable?

6. Do we have to re-certify when we modify or create new software applications based on Owl systems?


What Data Diode Patent does Owl exclusively License from Sandia?
Owl Computing Licenses Patent Number: 5,703,562
Method For Transferring Data From An Unsecured Computer To A Secured Computer, December 30, 1997.
View Patent Document.


What other Patents has Owl been granted?
On March 9, 2010, Owl received Patent Number: 7,675,867 for One-Way Data Transfer with Built-In Data Verification Mechanism, and markets the technology as the Owl Secure Acknowledgement Engine (OSAE).
View Patent Document.


On May 10, 2011, Owl was granted Patent Number: 7,941,526 for Transmission of Syslog Messages over a One-Way Data Link, to transfer syslog messages over DualDiode® Technology. View Patent Document.

On August 2, 2011, Owl was awarded Patent Number: 7,992,209 B1 for "Bilateral Communication using Multiple One-Way Links." View Patent Document.

On November 29, 2011, Owl was granted Patent Number: 8,068,415 B2 for "Secure One-Way Data Transfer using Communication Interface Circuitry." View Patent Document.

On March 20, 2012, Owl was awarded Patent Number: 8,139,581 B1 for "Concurrent Data Transfer involving two or more Transport Layer Protocols over a Single One-Way Data Link." View Patent Document.


Are Owl products certified and accreditable?
Certified -- Owl Communication cards are NIAP Common Criteria-certified:
Owl 2500 Communication Cards -- NIAP Common Criteria EAL-4
Owl 155 Communication Cards, versions 3 & 4 -- NIAP Common Criteria EAL-4
Owl 155 Communication Cards, versions 1 & 2 -- NIAP Common Criteria EAL-2
Owl 052 - under consideration for EAL certification
Safety Certified - TUV Rheinland Group

Accreditable:
All Owl DualDiode Technology products may be included in cross-domain solutions that require accreditation in operational deployment. Owl products function in over 1200 accredited applications throughout the DoD, US Intelligence community and other government agencies. Owl Perimeter Defense solutions are deployed throughout Critical Infrastructure organizations.

As of March 2012, Owl has two entries on the UCDMO Baseline Inventory as accredited Cross Domain Solutions: OCDS-FT01 (formerly Owl 4.0) for low-to-high file transfer at link speed 155Mbps with Solaris OS, and ECDS-FT01 for enterprise file transfer at link speed 2.5Gbps with Linux OS. A third candidate, OCDS-ST01, will shortly join the first two. ST01 enables the secure transfer of Full Motion Video and COTS files.


I have been directed to review the UCDMO Baseline Configurations against my requirements. How do Owl solutions fit into the currently listed Baseline solutions?
As of January 27, 2012, Owl OCDS-FT01 (formerly Owl 4.0) & the Owl ECDS-FT01 (formerly ECDS) are accredited Cross Domain Solutions for transfer on the UCDMO Cross Domain Baseline List. This designation describes solutions that are accredited, and have been successfully evaluated for re-use by other programs requiring these functionalities. This is in addition to many existing niche and individually accredited solutions for individual Agency, DOD or program uses.

"The baseline serves as check-here-first place, because items on the baseline can save the agency time and money. Rather than re-inventing the wheel, if an agency starts with something from the baseline, it could possibly cut start-to-operate time from years to months," said Jill Savin, UCDMO communications and outreach officer.
"Some agencies are putting policies in place to instruct their information assurance and IT shops only to consider baseline solutions when looking at new cross domain needs, since these solutions are known entities. But this is an agency decision, not something mandated by the UCDMO," Savin said.
                Military Information Technology, volume 14, issue 1, February 2010, p. 6.


"The UCDMO Baseline List is not a 'sales' list, it is a re-use list. It is not necessary for a technology/product to be on the UCDMO Baseline before it can be bought or installed somewhere. In fact, sometimes mission requirements may necessitate a solution that is not on the Baseline. However, it is up to each Agency to decide what their policy on new technologies will be. Some Agencies are restricting their networks to only use items already on the UCDMO Baseline. This is an Agency decision, not the UCDMO's."
                CAPT Kevin Peterson, Executive Assistant, Space and Naval Warfare Systems Command



Are Owl systems reliable?
No Owl system has ever failed in the field.


Do we have to re-certify when we modify or create new software applications based on Owl systems?
No. Security in Owl systems is primarily enforced in hardware, and it is Owl hardware that is certified.





Application Questions

1. Can the Owl system improve the security of my network?

2. If Owl products send data one-way only, then how do I know my data arrived successfully?

3. Can the Owl system support multiple users?

4. Can I move large files through the Owl system?

5. Will the Owl system transfer streaming video?

6. How does Owl offer a TCP product in a one-way environment, if TCP typically requires handshaking?

7. Do any Owl products provide encryption?

8. With what hardware and software are Owl systems compatible?

9. Are Owl systems easy to install?

10. What components are included in a Turnkey purchase option?

11. How much does an Owl system cost?


Can the Owl system improve the security of my network?
Yes. Owl systems are designed to prevent leakage of sensitive information from secure isolated networks. Data flows into the secure network, but cannot flow out through the same channel. Without the capability of bilateral communications, the secure network is rendered impervious to probing cyberattacks.


If Owl products send data one-way only, then how do I know my data arrived successfully?
The Owl suite of secure one-way data transfer systems does not provide any backchannel for data verification. Instead, Owl systems perform multiple levels of error-checking on both the Send and Receive machines as data is being sent. Owl systems have proven highly reliable, and are widely used by the most demanding IT customers in the US DoD, US Intelligence Community and major critical infrastructure customers.

For clients requiring explicit confirmation of data receipt, the Owl Secure Acknowledgement Engine provides this capability, with no compromise to the original one-way transfer of information.


Can the Owl system support multiple users?
Yes. Owl systems are server-based; the combination of high throughput and seamless network integration accommodates multiple concurrent users.

In Enterprise Services deployments, an Owl ECDS can support a wide range of service subscribers, each with its own set of security policies, across a single physical link.

For Process Control customers, an Owl Perimeter Defense solution can support a range of different applications, with up to 32 individual connections, on a single physical chassis.


Can I move large files through the Owl system?
Yes. Multi-GigaByte and TeraByte-scale files have been reliably transferred through Owl systems. In such cases, Owl 2500 Communication Cards are preferred because their high link speed (2.488 Gigabits per sec) and high content throughput rates (clear channel - 270+ MegaBytes/sec) automate transfers that had typically been sneaker-net/walk-net transactions. An estimated file size upper limit of 2 TeraBytes is imposed by limitations in host operating systems.


Will the Owl system transfer streaming video?
Yes. Owl solutions will pass streaming video in real-time. On the Send-only server, the optional Owl MUX/DEMUX Server application supports N instances of distinct UDP streams. On the Receive-only server, the MUX Server supports unicast, multicast, and broadcast distribution modes. The OCDS-ST01 Cross Domain Solution is specifically designed to support video and COTS file transfers.


How does Owl offer a TCP product in a one-way environment, if TCP typically requires handshaking?
With Owl TPTS, the TCP client establishes a "handshake" with the TCP server on the Send-only machine. TCP/IP address information is stripped from the incoming packets, and the packet payload is transferred to the Receive-only machine. The receiving machine establishes a TCP handshake with its intended recipient and completes the transfer. In Web Server language, the Owl application may be thought of as a one-way proxy. For maximum security, no IP routing information is passed across the one-way link.
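
The one-way proxy described here, combined with the layered checks from the error-checking answer (per-packet hash, packet sequence, whole-message hash), can be sketched as follows. This is an added example, not Owl's code or its proprietary protocol; the frame layout, channel number and destination address are assumptions made for the demonstration.

```python
import hashlib
import struct

# Frame layout constructed for this example (not Owl's proprietary format):
# channel(1) | seq(4) | flags(1) | length(2) | payload | SHA-256 of preceding bytes
HEADER = struct.Struct("!BIBH")
TRAILER = 0x01          # flag: payload is the SHA-256 of the whole message
DIGEST_LEN = 32

# Destinations are preconfigured on the receive side and never cross the link.
# The channel number and address below are assumptions for the demo.
RECEIVE_ROUTES = {1: ("10.20.0.5", 514)}


def _frame(channel, seq, flags, payload):
    body = HEADER.pack(channel, seq, flags, len(payload)) + payload
    return body + hashlib.sha256(body).digest()


def send_side(channel, data, chunk=8):
    """Send-only host: payload is framed with no source or destination address."""
    parts = [data[i:i + chunk] for i in range(0, len(data), chunk)]
    frames = [_frame(channel, seq, 0, part) for seq, part in enumerate(parts)]
    frames.append(_frame(channel, len(parts), TRAILER, hashlib.sha256(data).digest()))
    return frames


def receive_side(frames):
    """Receive-only host: verify everything locally, since no NAK can be sent back."""
    expected, parts, faults, channel, trailer = 0, [], [], None, None
    for raw in frames:
        body, digest = raw[:-DIGEST_LEN], raw[-DIGEST_LEN:]
        if len(body) < HEADER.size or hashlib.sha256(body).digest() != digest:
            faults.append("frame digest mismatch")
            continue
        channel, seq, flags, length = HEADER.unpack_from(body)
        payload = body[HEADER.size:]
        if length != len(payload):
            faults.append("length mismatch")
        if seq != expected:
            faults.append(f"sequence gap: expected {expected}, got {seq}")
        expected = seq + 1
        if flags & TRAILER:
            trailer = payload
        else:
            parts.append(payload)
    message = b"".join(parts)
    if trailer != hashlib.sha256(message).digest():
        faults.append("message digest mismatch")
    if channel not in RECEIVE_ROUTES:
        faults.append("unconfigured channel")
    ok = not faults
    # Only a fully verified message is released to the preconfigured destination.
    return {"ok": ok, "faults": faults,
            "data": message if ok else None,
            "destination": RECEIVE_ROUTES[channel] if ok else None}
```

An unkeyed hash as used in this sketch detects transmission errors and lost or reordered frames; it does not authenticate the sender, which would need a keyed MAC or signature.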


Do any Owl products provide encryption?
Yes. Owl Remote File Transfer Service may impose encryption and authentication on files delivered as TCP/IP packets across networks, or from a source, across a DualDiode transfer, to a destination.

Other encrypt/decrypt services may be integrated into an Owl cross-domain solution, as with malware scanning and/or data filters. Our products provide a physical one-way link that allows users to safely send data and trust that absolutely no information - not even handshaking protocols - escapes from your private network via our products.


With what hardware and software are Owl systems compatible?
Owl systems are designed for compatibility with all network devices that support standard IP network communication protocols. Owl secure one-way data transfer systems are designed to function transparently on their host networks. Owl one-way data transfer hardware may be installed in any computer platform with standard PCI-x or PCI-e bus slots operating at 3.3 volts or 5 volts. Owl hardware and software have been extensively tested with a wide range of operating systems - Windows, Solaris, and Linux. Check under the Products sub-menu for up-to-date Version Information.


Are Owl systems easy to install?
Owl OEM product kits feature color-coded components, streamlined installation procedures, and thorough documentation. Basic Owl systems are routinely installed by client personnel in less than an hour -- sometimes as quickly as 15 minutes.


What components are included in a Turnkey purchase option?
Today, in most cases customers purchase Owl products either as Communication Card sets with application-specific Owl software, or as fully developed Cross Domain Solutions (CDS) [or Perimeter Defense Solutions (PDS)]. Turnkeys include all the application-specific items, two rackmount servers with the selected Owl communication cards and application software, tested and installed.


How much does an Owl system cost?
Owl systems vary in price based on Owl Communication Card selection, Owl software required for user-specific data types, CDS or PDS requirements, and optional lifecycle & configuration management. Contact us, via the Contact Form included on this website, or call Owl Sales toll-free 866.695.3387, for pricing details on your application.





Business Questions

1. Can Owl products be exported?

2. Are you compliant with section 508 of the Rehabilitation Act?

3. Where are Owl cards manufactured?


Can Owl products be exported?
All Owl Communication Cards have an ECCN number of 5A991 with an AT1 restriction -- they can ship almost anywhere (exceptions: Cuba, Iran, Iraq (OK with some additional restrictions), Libya, N. Korea, Sudan and Syria).

Detailed information on ECCN (Export Control Classification Number) can be found here.

Owl Cross Domain Solutions, involving card sets, Owl software, specially modified servers and OSs, and content management suites, are handled on a case-by-case basis.


Are you compliant with section 508 of the Rehabilitation Act?
Owl Computing Technologies, Inc.'s products are considered fully compliant with the applicable provisions of section 508 of the Rehabilitation Act. Owl products are designed to work seamlessly with accessibility enhancement features of their host platform operating systems, thus enabling Federal employees with disabilities to interact with Owl systems with the same effectiveness as Federal employees without disabilities.


Where are Owl cards manufactured?
Owl products are designed and manufactured in the USA. All Owl products have a U.S. controlled supply chain.


 