Cybersecurity Solution
BotiGuard – The High Speed Data Forwarder
The BotiGuard High speed data forwarder (HSD) device is a solution that enables transfer of text-only data across the device. Strict 7bit ASCII data transfer is enforced through a layered approach; using software checking methodology and customized content restrictive hardware data transfer circuit between the input and output of the device.
Compact Solution
The data forwarder device is housed within a standard 19-inch equipment rack mountable enclosure of 1U height. Within the 1U enclosure, the data forwarder device is fully self-contained with its redundant AC/DC power supply units, enabling the device to be powered from separate AC sources within the equipment rack.
Physical Dimension (WxDxH) | 445x223x45mm |
Electrical Connection | Dual IEC60320 C14 sockets |
Power Input | 90-250Vac redundant inputs, 100W max |
IP Protection Class | IP20 |
Temperature Range | 0 °C … 55 °C |
Data Port | Dual gigabit ethernet RJ45 ports |
Data Transfer Throughput | 100Mbit/s |
Interface
For ease of interfacing to existing data flow path, the device’s input port is a gigabit ethernet interface and it can serve as a sftp server for file drop purposes. The device’s output port is also a gigabit ethernet interface and it can be configured to serve as a sftp server where external host can connect in to retrieve successfully transferred files. Alternatively, the output port can be configured to initiate connection to other host for pushing of transferred files into the host.
Back Panel View Of HSD, Showing Data Ports And The Redundant AC Power Inputs
HSD Use Case Illustration
An example use case is to transfer text-only files from external (untrusted) server to internal (secured zone) server.
The external server uses sftp transfer mechanism to put text files from src folder to a temporary dataSnk folder within the HSD. The HSD will detect the deposition of a new file and initiate transfer to another temporary folder(dataSrc). The internal server can then check and retrieve the new file to dest folder of the internal server for onwards processing.
The HSD enforces an IP protocol break between the dataSnk and the dataSrc by means of hardware isolation. Without external IP packets traversing the HSD device and ultimately reaching the internal server, the potential attack surface with malicious intent from external zone is greatly reduced. Comparing to traditional way of introducing IP protocol break by means of conventional serial communication, the HSD with its 100Mbit/s sustained throughput is much higher without compromising the safety afforded to the internal secured servers by the IP protocol break.
HSD High Availability Configuration
High Speed Data forwarder (HSD) solution can be operated in high availability (HA), paired device configuration mode to improve overall availability of the solution. The HA configuration consists of a pair of individual HA-enabled HSD devices. HA-enabled HSD device has enhanced functionality that enables each device to be configured with different roles, that as Master-HA or Slave-HA.