Data Diodes - One Way Data Flow - 4Secure

Data Diodes – One Way Data Flow

Data diodes are hardware-based devices with two separate circuits that establish one-way data flow, maintaining physical separation between networks. 4Secure utilise data diodes as a component of a cross-domain solution.

Owl OPDS-1000. Powerful and Scaleable.

The Owl OPDS-1000 is a highly integrated, all-in-one, 1U, rack-mountable data didoe that provides secure, high speed data transfers. In an ever changing business landscape with new requirements and varying scale, the OPDS-1000 can adapt and scale to meet the needs of your organisation. The OPDS-1000 supports multiple, simultaneous protocols, data types, and data streams. It supports three configurations, including standard capacity (26 Mbps), mid capacity (155 Mbps), and high capacity (1,000 Mbps).  The integrated, EAL4+ certified Owl communication cards form an air gapped one-way link with an absolute protocol break, ensuring the highest level of security possible.

Owl V7 Communication Cards. Customisable high-throughput.

The Owl V7 Communication Card Kits family represent these pinnacle of performance in data diode technology. These unique Card Kits comprise the fastest and most versatile solutions available on the market, and have been Common Criteria certified at EAL4+. The high capacity card kit establishes a new benchmark for full line rate, one-way transfer requirements, geared toward traffic-heavy applications, such as network monitoring. The high-capacity configuration can support a throughput of up to 10 Gbps and is commonly integrated into commercial off-the-shelf (COTS) servers as part of a cross-domain solution.

Enhance data diode capability with TrustedFilter™ Software

Whilst 4Secure can offer the hardware component independently, 4Secure’s TrustedFilter™ software suite enhances the functionality of a unidirectrional appliance to deliver a comprehensive cross-domain solution. TrustedFilter™ software  can perform full content inspection and validation, transform data into different formats and provide support for an extensible range of protocols in one-way envrionment. TrustedFilter™ software can be installed directly onto a data-diode, often eliminating the need for he need for extra uneccessary flanking systems.

Cross-domain solutions incorporating data diodes

Command and Control

Secure File Import

Secure Browse Down

Secure Video Transfer

Content Disarm and Reconstruction

OPC Data Transfer

Splunk Data Transfer

Logrhythm Data Transfer

TAK Data Transfer

Supported Applications

Native applications supported by 4Secure Cross-Domain Solutions and TrustedFilter™ software.

Modbus Transfer


Log Forwarding

Performance Management


OPC Transfer


OSIsoft PI System Transfer

Screen Replication


Remote File Transfer


DNP3 Transfer


HTTP Transfer


Advanced Messaging Queueing Protocol

MQ Telemetry Transport

Contact Us

Want to know more about 4Secure's products, services and cross-domain solutions? Engage with 4Secure's specialists to find a tailored solution. The 4Secure team offer full support through 30-day proof of concept of any solution at cost to 4Secure.

Call for a Quick Consultation

Can't wait for a response? Call us now for a quick consultation with one of our cross domain solution specialists.


What is a data diode?

Data diodes are hardware-based appliances used to enforce the unidirectional flow of network traffic. It is perhaps simplest to think of data diodes as one-way valves for data, allowing data to flow out, without a way back in.

How are data diodes different to firewalls?

A data-diode is hardware enforced solution for the unidirectional flow of network traffic. Within a data-diode there are two different nodes, one send only and one receive only for sending data one-way from. asource to destination. This means it is against the laws of physics for data to flow in the opposite direction meaning they can’t be hacked. Firewalls on the ot her hand are a software-based solution, andd  therefore are always vuleranble to some degree of being comprimised.

What is the difference between a data diode and a cross-domain solution?

A data diode primarily enforces unidirectional flow control through hardware. A cross-domain solution combines both hardware and software to provide feature-rich capabilities. These include handling two-way protocols in a one-way environment, performing transformation on data types into structured markup languages, as well as content inspection and data validation.

Cross-domain solutions can also be implemented for bidirectional use-cases, whereas a data-diode will only function unidirectionally. 

When is additional software required on a data diode?

Many use-cases necessitate software to handle inherently two-way protcols in a unidirectional envrionment. Most commonly this is achieved through the use of proxies, which convert two-way protocols into one-way data streams.

4Secure also overlays their proprietary TrustedFilter™ software on diodes to perform content inspection and validation of data flows. Additionally, TrustedFilter transforms complex application layer data protocols into a well-understood structured markup language for verification purposes.

What are some common use cases for data diodes?

Data diodes are typically employed for one-way data transfer between security classification domains. This can involve importing data into a more secure environment or exporting it to a less secure envrionment.

This may involve tasks such as transferring files or log data, streaming videos, or monitoring devices and endpoints.

In critical infrastructure environments, data diodes are often used to transfer monitoring data from the operational technology environment to the information technology environment.

Can a data diode be hacked?

Data diodes represent a hardware-enforced approach to unidirectional flow control. They operate on the principle that data flowing in the opposite direction is physically impossible, in adherence to the laws of physics. This stands in stark contrast to firewalls, which rely on software-based solutions and, inherently, are susceptible to exploitation.

What is a protocol break?

A protocol break involves terminating a data transfer protocol,  transforming just the core data payload to an alternative protocol, and subsequently reassembling the initial protocol before the data reaches its intended destination. All 4Secure data diodes include a protocol break mechanism, which effectively hides source network details like IP or MAC addresses. This renders it infeasible for any external malicious entity to probe, dissect, or access any data related to the source network. Protocol breaks also act as a safeguard against the transmission of hidden malicious data within packet headers.

Enhancing Security with Data Diodes

Data diodes are intricately crafted to create a secure separation between the source and destination networks. They consist of two separate circuits for transmitting and receiving data, guaranteeing a unidirectional data flow that effectively prevents unauthorised access to protected networks. This resilient, hardware-centric strategy provides an impenetrable barrier against potential security threats.

Leveraging Unidirectional Networks for Strengthened Security

In the realm of information security, where safeguarding critical infrastructure and sensitive data is paramount, data diodes serve as an impenetrable fortress. These hardware-based devices, often referred to as unidirectional gateways, guarantee secure, one-way data transfer, eliminating vulnerabilities and potential breaches. This exploration delves into the intricacies of these high-security marvels and their unmatched protection for operating systems and networks.

Understanding Unidirectional Data Flow

At the core of this technology lies the concept of unidirectional networks. Think of it as a one-way valve for your data, allowing information to flow out of your network or system while blocking any re-entry. It’s akin to sending a sealed package with no possibility of return. This unidirectional gateway plays a vital role in robust information security, securing sensitive data effectively.

Securing Critical Infrastructure with innovative Solutions

The applications of these devices are diverse and extensive. They play a pivotal role in segmenting and defending networks while ensuring secure, one-way information transfer. This enables data to be sent from secured networks to external systems and users, such as the cloud, remote monitoring facilities, or regulatory bodies, without introducing any threat vectors back into the secured network. These solutions can protect network segments of all sizes, from a single controller to an entire facility, making them an invaluable asset for safeguarding critical infrastructure.

Comparing Unhackable Security to Vulnerable Software

When it comes to network security, these devices offer a superior alternative to traditional firewalls. While firewalls may provide a false sense of security, they are essentially software protecting other vulnerable software, leaving them open to potential attacks. In contrast, these hardware-enforced solutions leverage the laws of physics to ensure unhackable security, a level of protection that is simply unmatched.