Interactive Link

The Interactive Link is a suite of hardware and software products designed for application within areas where network separation is implemented for security reasons. Manufactured and marketed by Tenix Datagate, the Interactive Link hardware products have been evaluated to the highest level under international security criteria with a strong focus on maintaining the confidentiality of the secure network. The technology underlying the products is drawn from Starlight Technology, developed by the Australian Defence Science and Technology Group.

History

The Interactive Link product suite is a commercialized version of Starlight Technology. This technology, developed as a way to transfer data from a lower classification (Low Side) network to a highly classified (High Side) computer without compromising sensitive information, was formed inside the Australian DSTO as a research project.[1] The technology also allowed users to view and interact on a Low Side network from a High Side computer. The Starlight Technology included a data diode, accompanying server software and Desktop-based equipment. Seen as having commercial merit and after a prototype was developed, the technology was licensed to Vision Abell (later acquired by Tenix) in 1996 for development and supply to Australian government under the brand “Interactive Link”.[2][3] The objective of these products was to increase productivity and to reduce the deskspace required by users working on more than one network, while not compromising the existing security.

In 2002, DSTO signed a long-term agreement for the newly formed Tenix Datagate division of Tenix to market, manufacture and further develop the Interactive Link product worldwide.[4] Tenix Datagate subsequently set up offices in the UK and US in addition to their Australian presence. Tenix Defence was acquired by BAE Systems Australia in 2008, including ownership of the Interactive Link products.

Due to its high level of certification, the Interactive Link product suite has been deployed to numerous western nations.

Products

The Interactive Link Product Suite includes the following:

The Interactive Link Data Diode Device (IL-DD) – a trusted platform providing a strictly unidirectional data path between two networks. The device allows the transmission of information from Low Side to High Side networks but not vice versa. Data is transmitted by means of optical fibre technology that reduces the risk of data interception by TEMPEST attack.

The Interactive Link Keyboard Switch (IL-KBS) – The IL-KBS is a desktop device that allows users of a High Side computer to access a Low Side Thin Client session. Used in conjunction with the IL-DD, no High Side Data is sent down to the Low Side network. Users are able to view and interact with the Low Side inside a window on their High side computer.

Interactive Link Multiple Computer Switch (IL-MCS) – a highly secure KVM to switch between two desktop computers of differing security classification levels from a single keyboard, mouse and monitor. Its level of certification (ITSEC E6) means it is the most thoroughly evaluated KVM presently available.

Interactive Link Data Pump Applications (IL-DPAs) – These are software applications that send file, email, clipboard and file data over the IL-DD. These may be used independently of the desktop devices. These consist of the File Transfer Application, Email Transfer Application, Clipboard and File Transfer Application and Data Forwarding Application.

Evaluation/certification

High levels of evaluation under relevant security criteria are distinctive features of the Interactive Link hardware. They have been certified under the following criteria:

ITSEC – The IL-MCS,[5] IL-DD [6] and IL-KBS [7] have all been evaluated to the level of E6 under ITSEC, the highest level possible under this criteria. This evaluation was performed under the Australian Information Security Evaluation Programme,[8] and mutually recognised in a large number of nations.

Common Criteria – The IL-DD has been certified to EAL7 under the Common Criteria in the United States, the highest level possible.[9] The IL-KBS has been certified to EAL5.

The IL-KBS and IL-MCS units are used primarily where users need to access two separate networks from a single desktop while maintaining strict security separation between the two domains. Examples of this would include accessing Classified and Unclassified networks in a military setting.

The IL-DD and IL-DPAs are versatile in their applicability, primarily they are used where data in various forms needs to be sent in a strictly unidirectional manner. This could include automated sending internet data to an otherwise isolated network, a unidirectional email gateway and one-way dispatch of log files for secure storage. Another potential setting is where the IL-DD is "turned around" to push data from a secure source to an insecure destination.

References

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.