Core Applications Using Owl Computing’s Secure DFTS
Built on the robust, hardware-enforced DualDiode platform, the Secure Directory File Transfer System (Secure DFTS), one of Owl’s most popular products, is structured to align with a mixed range of enterprise applications. The Secure DFTS consists of intuitive send and receive application programs and uses our exclusive DualDiode technology to support reliable, high-speed (155 Mbps) one-way transfer.
PKI Applications
The design of our Secure DFTS lends itself to using public-key cryptography. For example, if a one-way link were used to pass order information from the Internet into a corporate extranet, you wouldn’t want this information sitting in plaintext on the exposed source end of the link. To avoid this, one can simply provide the public key (from an asymmetric key pair) to anyone who wants to place an order. The consumer encrypts the order using the public key before placing it on the source system. If the source system becomes compromised and the data is stolen, this will guarantee that the data is still protected by the encryption.
Assuming that the data arrives safely for transfer, the private decryption key can be kept inside the DualDiode hardware, where it cannot leak out. This ensures that order information, once encrypted, can only be decrypted after it has passed through the one-way link and into the trusted network. Since the Secure DFTS employs a passive, file-based transfer mechanism, threats to the secure LAN are restricted to the application's interpretation of file-based data and not an active real-time user session (i.e., buffer overflow issues are restricted to the public area net).
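The flow described above, sketched with the OpenSSL command line as an added example. It is not Owl's code; the directory layout, file names, certificate subject and the cp standing in for the one-way link are assumptions.

```shell
#!/bin/sh
# Added example (constructed): an order is encrypted to a public key before it
# reaches the exposed source directory and is decrypted only on the trusted
# side. File names and the "orders-demo" subject are placeholders.

# Trusted side: create the key pair in the trusted directory. Only
# orders.crt (the public key) is handed out; orders.key never leaves.
make_keypair() {   # $1 = trusted dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=orders-demo" \
        -keyout "$1/orders.key" -out "$1/orders.crt" 2>/dev/null
}

# Consumer: encrypt the order before it touches the source system.
encrypt_order() {  # $1 = plaintext, $2 = public certificate, $3 = output
    openssl smime -encrypt -aes256 -binary -outform DER \
        -in "$1" -out "$3" "$2"
}

# Trusted side: decrypt after the file has crossed the one-way link.
decrypt_order() {  # $1 = ciphertext, $2 = trusted dir, $3 = output
    openssl smime -decrypt -binary -inform DER -in "$1" \
        -inkey "$2/orders.key" -recip "$2/orders.crt" -out "$3"
}

# End-to-end run in a scratch directory; cp stands in for the one-way transfer.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/consumer" "$work/source" "$work/trusted"
    make_keypair "$work/trusted" || return 1
    cp "$work/trusted/orders.crt" "$work/consumer/orders.crt"  # publish public key
    printf 'order=1001;item=widget;qty=3\n' > "$work/consumer/order.txt"
    encrypt_order "$work/consumer/order.txt" "$work/consumer/orders.crt" \
        "$work/source/order.p7m" || return 1
    # A compromised source system holds ciphertext only.
    if grep -q 'widget' "$work/source/order.p7m"; then return 1; fi
    cp "$work/source/order.p7m" "$work/trusted/order.p7m"
    decrypt_order "$work/trusted/order.p7m" "$work/trusted" \
        "$work/trusted/order.txt" || return 1
    cmp -s "$work/consumer/order.txt" "$work/trusted/order.txt"
    rc=$?
    rm -rf "$work"
    return "$rc"
}

demo && echo "round trip ok"
```

This envelope gives confidentiality only: the AES-256-CBC content encryption used here does not authenticate the ciphertext, so orders that must also resist tampering on the source system need a signature as well.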
Sneaker Net Replacement and/or Continuous Secure Directory Tree Replication
This is the most obvious application of the Secure DFTS system. Walknet, or Sneakernet, is typically the only connection a disconnected secure network receives. Typically, this connection is one-way, as daily data is manually transferred from unsecured to secure computers. The Secure DFTS is able to automate this transfer 24x7 while maintaining a gap that keeps data from exiting the secure area.
One-Way Data Up-Guard
The sneaker net transfer mechanism is a natural fit for up-guard, or low-security to high-security, transfer situations. All information, once passed through the Secure DFTS, can never leave the secure facility. The physical one-way nature of the DualDiode ensures that no administrator, encryption hacker, computer hardware expert, locksmith or untrained employee can move data from the inside network.
Secure Net Information Publishing
There are many situations where sensitive information needs to be brought into the back office from the Internet. Supported by the Secure DFTS, PKI encryption will provide a way for data to transfer across the Internet. The data can be received on the Secure DFTS and transferred into the back office prior to decryption by the Master Key; the document is secure from point A to B. The outbound transfer can also be secured by using the Secure DFTS in a "push" configuration. This provides an outbound flow of information while protecting access to the back office, specifically the unencrypted information to be transferred across the Secure DFTS link. This arrangement is very useful in an Extranet where several other companies that receive information from the secure area need their data separated for legal, operational, and security reasons.
Secure Web Interface and/or Secure Web Content Administration
Maintaining a public web server from an untrusted network is another application the Secure DFTS can provide out of the box. Even when a server containing public content is locked down, there will always be new threats, and information will run the risk of being vandalized. When vandalism occurs, the entire site (including the back office) is subject to attack. Using a Secure DFTS interface between a trusted network and the public server on the untrusted network provides a gap between web content generation and web content serving. The original and modified data can be periodically pushed from the trusted network (where it cannot be vandalized) onto the public server. This offers security and convenience over typical FTP and/or disconnected server installations.