Surfilter ViGap Security Isolation and Information Unidirectional Access System is a new-generation network isolation and unidirectional data transmission product independently developed by Surfilter Network Technology Co., Ltd. using advanced unidirectional optical channel transmission technology and GAP hardware isolation technology. It is laid between the internal network and the external network. The data is collected from the external network and transmitted to the internal network through the physical unidirectional optical channel, and there is no reverse optical signal transmission physical channel between the internal network and the external network. This enables the data to be transmitted from the low-density network to the high-density network, and completely protects internal network confidential data leakage to the external network through the physical hardware.
Product Features
ViGap Security Isolation and Information Unidirectional Access System is mainly composed of three parts—a dedicated unidirectional optical channel security isolation board, external device (external untrusted terminal transmitter), and internal device (internal trusted terminal receiver). Its technical features include:
1. ViGap uses advanced electronic switching technology
To ensure physical isolation between the internal and the external network on the ViGap device, a well-designed hardware electronic switching action system is included in ViGap to enable two sets of high-speed electronic switches connecting to the internal network terminal and external network terminal, to cooperate with the system data stream to "switch on" and "switch off" on a time-sharing basis.
2. ViGap adopts advanced unidirectional fiber channel technology
The unidirectional fiber channel in ViGap adopts SFP-based fiber transceiver unit design, to convert electrical signals into optical signal transmission; the external device only has a transmitter, and the internal terminal only has a receiver. Therefore, there is no physical feedback signal, and unidirectional physical hardware can be guaranteed.
3. ViGap adopts secure operating system
ViGap uses a security-optimized Linux operating system, with a tailored Linux kernel to uninstall all external system services and reconfigure the TCP/IP protocol stack to ensure system security. At the same time, the system has built-in anti-memory overflow system, which can effectively protect the system process, including GAP data ferry process security, and further strengthen the system’s anti-attack capability. To ensure stable and reliable system operation as well as prevent viruses and Trojans from affecting the GAP operating system, Surfilter uses DOM as the storage medium and mirrors the Linux system to the memory expansion operation path, hence, it is impossible for the system to add new programs, drivers and services.
4. ViGap adopts secure and reliable data transmission
The ViGap isolation GAP adopts a modular design and uses the push-pull mode to complete one-way synchronization of specified files on the external network server. The data transmission is safe and reliable as only pure file-level data is transmitted between the internal and external networks, without any control commands. ViGap modules can be tailored to customize specific module combinations that suit the user's needs during production.
System Functions
Access control
content inspection
flow control
one-way file transmission
system monitoring
log auditing
secondary development function
system management function
high reliability/availability function
user management