Cyrus
Unidirectional Gateway
The term unidirectional gateway refers to a device that establishes one-way communication between two networks. Today, with the expansion of information systems and management software in organizations and factories, it is often necessary to transfer information from the industrial network to the administrative network. For security reasons, this information must be transferred safely and in one direction only, to prevent possible threats from entering the industrial network.
The Cyrus Unidirectional Gateway product makes this communication one-way and guarantees it in hardware, so that no operator mistake in the product's settings can lead to two-way communication.
Although data diodes are used today as a tool for one-way communication between two networks, the efficiency of this product is far beyond the performance of a data diode.
A data diode is a purely hardware product, whereas Cyrus Unidirectional Gateway is a combination of software and hardware, and for this reason it has been able to cover the weak points of the data diode. A data diode only transmits data in one direction, and most software cannot communicate through it. In the Cyrus Unidirectional Gateway product, we have been able to solve the problems of using data diodes by simulating the application services in the industrial network.
Why do we need Cyrus Unidirectional Gateway?
One of the basic needs of control systems, especially in SCADA networks, is a central monitoring system. Central management and visibility of network activity, control and security monitoring have many advantages, but they also bring risks. To have a central industrial monitoring system, we must be able to collect basic information from all industrial networks and transfer it to the center. Transferring this information requires connecting the networks to each other, and connecting networks increases the risk of contamination spreading from one network to another. Therefore, we need to establish a one-way connection between the networks, so that the basic information is transferred in one direction only, from one network to the other. The Cyrus Unidirectional Gateway device makes the connection between two networks one-way.
Using traditional firewalls to connect the administrative network to the industrial network cannot provide the required guarantee that the industrial network will not be contaminated. Firewalls are software, and their possible vulnerabilities mean we cannot guarantee that a firewall will keep the connection one-way. The Cyrus Unidirectional Gateway product is a combination of hardware and software. The hardware guarantees that the connection is physically one-way. Therefore, an operator error in configuring this product cannot make the communication on the line two-way. Physically, the entry path of any signal or message from the office network to the industrial network is blocked. The software part of the Cyrus Unidirectional Security Gateway product replicates industrial servers and can simulate industrial-side services for use in the office network.
Users and applications in the office network can query the replicas and get the required information from the industrial network. This device can be used to secure the control networks of various industries, including power generation, transmission and distribution, as well as oil and gas, water treatment, railway systems and other applications. This product can transfer database data and industrial protocols one-way without the server and client realizing this. This product can send the received data to different servers with IoT protocols. Cyrus technology guarantees one-way communication.
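An added illustration (not Cyrus code or its wire format) of what replicating a server across a one-way link implies: the receiving side cannot acknowledge or request a resend, so each frame carries a sequence number and CRC32, and the replica records what it missed. The frame layout, tag names and values are assumptions constructed for this example.

```python
import struct
import zlib

# Hypothetical frame header: sequence number, payload length, CRC32 of payload.
HEADER = struct.Struct("!IHI")

def encode_frame(seq: int, payload: bytes) -> bytes:
    """TX side: wrap one tag update so the receiver can validate it without replying."""
    return HEADER.pack(seq, len(payload), zlib.crc32(payload)) + payload

class ReplicaReceiver:
    """RX side: rebuilds a tag replica; it has no return path to ask for a resend."""
    def __init__(self):
        self.tags = {}      # replica that office-side clients would query
        self.next_seq = 0
        self.lost = []      # sequence numbers that never arrived intact
        self.corrupt = 0    # frames rejected by the length or CRC check

    def receive(self, frame: bytes) -> bool:
        if len(frame) < HEADER.size:
            self.corrupt += 1
            return False
        seq, length, crc = HEADER.unpack_from(frame)
        payload = frame[HEADER.size:]
        if len(payload) != length or zlib.crc32(payload) != crc:
            self.corrupt += 1
            return False
        if seq < self.next_seq:
            return False    # duplicate or late frame: never roll the replica back
        self.lost.extend(range(self.next_seq, seq))  # gap: record it, cannot recover it
        self.next_seq = seq + 1
        name, _, value = payload.decode("utf-8", "replace").partition("=")
        self.tags[name] = value
        return True

def run_demo() -> ReplicaReceiver:
    # Constructed sample updates from an imaginary industrial-side poller.
    updates = [b"pump1.rpm=1480", b"tank3.level=72.5",
               b"pump1.rpm=1475", b"valve7.state=open"]
    frames = [encode_frame(i, p) for i, p in enumerate(updates)]
    frames[2] = frames[2][:-1] + b"X"   # simulate corruption on the link
    del frames[1]                       # simulate a dropped frame
    rx = ReplicaReceiver()
    for frame in frames:
        rx.receive(frame)
    return rx

if __name__ == "__main__":
    print(vars(run_demo()))
```

After the demo the replica still holds the older `pump1.rpm` value, and the `lost` list is the only evidence that newer data existed, which is why the receiving side has to track gaps itself.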
How does the Cyrus Unidirectional Gateway hardware make communication unidirectional?
The one-way gateway hardware components include a TX module, containing a fiber optic laser transmitter, and an RX module, containing an optical receiver. The gateway hardware can transfer information from an ICS network to an external network while preventing any virus, DoS attack, human error, or other cyber attack from spreading to the protected network. In general, our hardware makes the communication one-way, safe and reliable, and the implemented software replicates and emulates all services and protocols in the industry.
Cyrus Unidirectional Gateway can be used in petrochemicals, pharmaceuticals, manufacturing plants, oil and gas industries, water and sewage, organizations and institutions, the military, at the level of industrial control, power plants, nuclear power plants, etc.
Features and benefits
- Completely modular and flexible hardware with high security features and compatible with industrial environments
- 1 Gbps transmission capacity, with the possibility of adding bandwidth using several TX/RX pairs
- With backup service (HA optional)
- All the connections are embedded in the front of the device so that they can be seen clearly and can be worked on
- A wide range of software connectors, without the cost of customization
Technical specifications:
More than 100 types of software connectors
Cyrus Unidirectional Gateway product software connections can run on customer-provided servers, virtual machines, or host modules of this product. Its software connections can be implemented in Windows, Linux and other operating systems.
Databases and Historians
MariaDB, MongoDB, MySQL, NuoDB, Oracle, PostgreSQL, Redshift, Snowflake, SQL Anywhere, SQL Azure, SQL Server, SQLite, Sybase, Teradata, Tibero, VoltDB
BigQuery, Cassandra, Confluent, Derby, DB2, Firebird, Greenplum, H2, HANA, HBase, HSQLDB, Ignite, Informix, Ingres, Interbase, Kafka
It has a monitoring and troubleshooting system for all databases
Very flexible replication with ETL capability
From a few nodes to several thousand nodes, this product is optimized to synchronize data with a large number of databases and load data quickly. By applying web server technology, many concurrent requests can be synchronized and available.
You can filter, delete and transfer data. You can also change the format of tables during transfer and transfer the data encrypted. When two or more nodes are involved in data coordination, the system can modify and resolve conflicts, so data remains consistent across nodes. You can detect a conflict by defining manual rules and configure how to resolve it.
It has an API for when you want to transfer your data.
The remote access feature of the Cyrus one-way bus can transmit, one-way, the screen image of monitors or devices that have VGA or HDMI output.
Monitoring tools: Email/SMTP, SNMP, Syslog, HP ArcSight, Splunk, IBM QRadar, McAfee ESM, CyberX, Radiflow iSID, ForeScout SilentDefense, Dragos, Indegy.
Industrial programs and protocols
- Identification of more than 150 types of protocols
- One-way transfer of data to the other network
- Simulation of protocols on the IT network side
- Possibility of data logging on both sides
- The possibility of connecting data to the Splunk system and determining the threshold for each tag
- The possibility of scheduling the connection to the industrial system and logging
- The possibility of creating alarms and events based on tags and sending them to alarm and event servers
- The possibility of performing complex calculations on tags and creating new tags
Some protocols include the following:
- Siemens S7 & PCS7 Historian
- OPC DA, A&E, HDA, HDA Backfill and OPC UA
- Emerson: EDS,
- Yokogawa OPC, GE iFix
- Modbus, DNP3, ICCP, IEC 60870-5-104, Omni Flow
File transfer
- Folder mirroring, Local Folders
- FTP/S, SFTP, TFTP, SMB, CIFS, NFS, HTTPFS Log Mirroring
Other Connections
- Built-in NTP server for time sync through the gateway's built-in GPS
- Audio and video streaming, with the possibility of changing the audio and video compressor and codec
- One-way printer, with support for all printers on the market
- VPN client and server on both sides
Cyrus Unidirectional Gateway for intrusion detection system
This product can mirror a port one-way from the OT network to the IT network. For this purpose, we SPAN a switch port in the OT network and connect it to the device port. The device then safely transfers all port traffic one-way to the IT network, where it can be received from a single port. You can deliver the traffic received in the IT network to any IDS or SIEM system so that it can be analyzed and identified in a completely safe way. In this way, the organization can easily analyze network packets without the industrial network being exposed to cyber attacks from the IT network. The following figure represents the given explanation: