uses a fiber optic data diode along with Nginx as a reverse proxy.
The author states:
"TCP/IP client-server reverse proxies on either end of the data diode can be set up to respond to the handshaking requests automatically without the need to actually send any data back to the insecure network. The client-server proxies solution should work in most cases; however, thorough testing should be completed in a lab environment before deploying a data diode solution into an ICS."
And:
"Step 5 Configure your Reverse Proxy
Depending on the data you want to replicate, you can either configure an open source reverse proxy like nginx (engine x) and use your database's web services to replicate the data.
Step 6 Disconnect one of the fiber optic ST connectors
Once you have your two proxy servers configured and communicating with each other, you can simply disconnect one of the two fiber ST connectors. You will likely need to spend time properly configuring your reverse proxy servers to relay the information correctly, and you will need to write some scripts in your database to perform the continuous data replication."
He, however, does not provide any working configuration.
We would love to implement this and I greatly appreciate any help. If someone can at least just point me in the right direction I would be eternally grateful.
I urge caution using this approach to a data diode.
The question you ask is a very important one: where can I find a working configuration?
Do not get me wrong, it is possible to make such approaches work; I have seen them in my company's test lab.
The question you have to consider is reliability and trust.
How reliable does the solution need to be? My experience has been that making something work in a test lab is relatively easy. However, making something work in a deployed environment, thus sustainable 24/7/365, is much harder.
Intermittent data losses will happen over time. How does your application manage these? How do you implement re-synchronisation (it can't be triggered automatically, as there is no feedback loop)?
Sorry, I am not answering your question directly, rather raising issues you need to consider before building something yourself.
These issues are explored further at the links below.
I'd argue the commercial solutions are value for money, given the complexities.
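One way to make the losses this reply describes visible on the secure side, as an added example that is not part of this thread: the sender numbers every frame and periodically emits a full snapshot, because nothing can be sent back across the diode to request a retransmit. The record format, table contents and the snapshot interval are constructed for illustration.

```python
# Added example (not from the thread): sequence-numbered one-way replication.
# Across a diode the receiver can never ask for a retransmit, so the sender
# numbers every frame and sends a full snapshot every SNAPSHOT_EVERY updates;
# the receiver records gaps and waits for the next snapshot to resync.
import json

SNAPSHOT_EVERY = 4  # assumed policy: full snapshot after this many updates

class Sender:  # insecure side: writes into the diode, never reads from it
    def __init__(self, table):
        self.table = dict(table)  # rows being replicated (constructed data)
        self.seq = 0
        self.since_snapshot = 0
    def _frame(self, kind, payload):
        self.seq += 1
        return json.dumps({"seq": self.seq, "kind": kind, "data": payload})
    def update(self, key, value):
        # frames to push for one row change, plus a snapshot when one is due
        self.table[key] = value
        self.since_snapshot += 1
        frames = [self._frame("update", {key: value})]
        if self.since_snapshot >= SNAPSHOT_EVERY:
            frames.append(self._frame("snapshot", self.table))
            self.since_snapshot = 0
        return frames

class Receiver:  # secure side: applies frames and records every gap it sees
    def __init__(self):
        self.table = {}
        self.last_seq = 0
        self.gaps = []            # (expected_seq, received_seq) per detected loss
        self.out_of_sync = False  # set by a gap, cleared by the next snapshot
    def ingest(self, line):
        msg = json.loads(line)
        if msg["seq"] != self.last_seq + 1:
            self.gaps.append((self.last_seq + 1, msg["seq"]))
            self.out_of_sync = True
        self.last_seq = msg["seq"]
        if msg["kind"] == "snapshot":
            self.table = dict(msg["data"])
            self.out_of_sync = False
        elif not self.out_of_sync:          # updates after a gap are dropped on
            self.table.update(msg["data"])  # purpose: applying them hides the loss

def replicate(drop_seqs=frozenset()):
    # push a constructed update sequence through a link that drops drop_seqs
    sender, receiver = Sender({"a": 1}), Receiver()
    for key, value in [("a", 2), ("b", 3), ("c", 4), ("a", 5), ("d", 6)]:
        for frame in sender.update(key, value):
            if json.loads(frame)["seq"] not in drop_seqs:
                receiver.ingest(frame)
    return receiver
```

A loss before a snapshot is repaired by that snapshot; a loss after the last snapshot leaves the receiver flagged out of sync, which is the state a monitoring system on the secure side should alarm on.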
Not to mention most organizations that would need such a device like
having someone to hold accountable (usually via lawsuit) when it fails.