Creating a Bespoke Data Diode for Air Gapped Networks
Published by Neil on
Air-gapped networks are physically isolated computer networks that do not connect to the internet or other external networks. They are widely used in industries where security is critical, such as finance, healthcare, and critical infrastructure. By design, these networks prevent remote access and reduce the risk of cyber attacks. However, while air gaps protect sensitive systems, they also create a challenge: how do you safely extract operational data for monitoring or analysis without compromising security?
We were approached by a client with precisely this challenge. Their crucial infrastructure was protected by an air gap, but they needed to extract syslog information and performance data to allow internal monitoring teams to track the system’s health and security posture.
After evaluating options, we chose to implement a bespoke data diode solution using two Raspberry Pi devices connected via an opto coupler. An opto coupler, also known as an opto isolator, allows an electrical signal to pass from one device to another using light, preventing direct electrical connection. This ensures data flows in a single direction, maintaining the integrity of the air gap.
The Setup
The system consists of a “send” Pi on the air-gapped network and a “receive” Pi on the external monitoring network. Both devices run custom scripts designed to handle data transmission reliably rather than quickly. This approach limits throughput, but reliability is paramount for critical monitoring, where losing data is unacceptable. The scripts are finely tuned to ensure that every log entry is transmitted securely without risk of cross-contamination between networks.
This method is particularly effective for syslog data. Our client can now extract performance and security information from their air-gapped network, providing their internal teams with actionable insights. The air gap remains intact, but vital operational intelligence passes safely to the outside world.
UART over Serial Ports
Initially, we explored using a standard serial port for data transmission. While functional, it introduced limitations in reliability and required additional hardware considerations. After testing, we switched to a UART interface on the Raspberry Pi, which provided a simpler, more reliable solution for one-way communication. This approach allowed the data diode to maintain a clean, stable signal with minimal risk of interference, further enhancing the integrity of the air-gapped network while keeping the setup streamlined and efficient.
Bespoke Solutions for Critical Challenges
Every implementation we deliver is tailored to the specific requirements of the client’s environment. The Raspberry Pi data diode demonstrates our ability to provide bespoke solutions that meet strict security and operational needs. Whether your challenge involves syslogs, process data, or other critical information, we design systems that are reliable, secure, and efficient. This is precisely the type of project we enjoy: solving unique, complex problems with practical, secure technology solutions.
In summary, our Raspberry Pi-based data diode offers a secure and dependable method to extract critical information from air-gapped networks. It balances reliability and security, ensuring the client’s infrastructure remains protected while providing essential visibility for operational monitoring.
Why Choose Nelop Systems?
Proven experience Over 25 years in IT and systems integration, specialising in environments where uptime is essential.
UK-based & on-site service For many legacy systems there is no substitute for someone who can bring the hardware, tools, and know-how to your premises.
Operational continuity We plan every intervention so that systems keep running, avoiding downtime where possible, and maintaining business critical performance.
Email contact@nelop.com for assistance or information.
