Secure Transfer
Secure Transfer is a fundamental building block when creating a secure IT-system. Secure Transfer adds import, export and transport capabilities using standard off-the-shelf components.
Smart card aware
Build system using COTS
Works with any data diode
Ready for virtualization
How it works
The central part of Secure Transfer is the Guard that performs:
- Content inspection
- Transfer routing based on cryptographic metadata
- PKI-aware authorization of transfers
- Configuration of transfer routes
All imports and exports pass through the Guard, which decides whether a transfer is allowed based on the transfer metadata and the contents of the transferred data.
Secure Transfer includes clients for:
- Export to external media from within the Secure IT-system.
- Import from external media to the user desktop in the Secure IT-system.
Features
Import
Importing is performed from an Import Station running the Secure Import Client software where files can be imported from USB and CD/DVD. The imported files are encrypted and encapsulated in the Secure Data Format based on the user’s smart card before being sent to the Guard for content inspection and transfer approval.
Assuming the Guard approves the transfer, it is forwarded, and the user can retrieve it from the User Desktop using the Secure Transfer Client software. The transfer is decrypted, and the user can save it to any suitable location.
See Secure Import Client and Secure Transfer Client for more details.
Export
Export is initiated by the user from the User Desktop by running the Secure Transfer Client. The user selects a local file and sends it to the Export Station. The file is encrypted and encapsulated in the Secure Data Format based on the user’s smart card before being sent to the Guard.
Assuming the export is allowed, the file can be retrieved by the same user from an Export Station running the Secure File Export Client software. The file is decrypted based on the user’s smart card and can then be exported to USB or CD/DVD.
See Secure Export Client and Secure Transfer Client for more details.
Secure Print
Printing can be done from the User Desktop to a physical printer at a Release Station. On the way, the print job passes through the Guard for transfer authentication and content inspection. Printing can be done from any application that supports Windows printing.
See Secure Print for more details.
Modular design
Secure Transfer is fully modular with respect to the design of the IT-system. The basic element in the Guard is a Transfer Flow, which corresponds to a one-way transfer route from one location to another. A Transfer Flow has a Sender Domain and a Receiver Domain. Each Transfer Flow is fully configurable and has its own set of authenticated users.
An example of a Transfer Flow is the flow from RED to EXPORT, where RED is the domain in which users work on the secure data and EXPORT is the domain where the export clients are located. The system can be divided into segments to separate information based on, for example, project, while still allowing controlled transfer of data between the segments.
Content Inspection
All Transfer Flows pass through the Guard, and every file is subject to content inspection. The transfer is allowed or blocked based on the configuration and the transferred file. Content inspection is performed on the actual payload, not on the encrypted transfer.
Content inspection is done by fully customizable filters. Several standard filters are supplied, e.g. for antivirus scanning and for black/white listing based on file MIME type. Any policy decision that can be expressed in code (for example, in Python) and based on the payload file and the transfer metadata can be turned into a filter.
A transfer that is blocked by content inspection will be quarantined and the receiver will be notified. A Secure Transfer administrator may override the content inspection and resume the transfer if an investigation shows that the block was unintentional.
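The following is an added example, not code from Secure Transfer or its vendor, that sketches how a Guard of the kind described above can be modelled: one-way Transfer Flows keyed by sender and receiver domain, a per-flow set of authorized users identified by their smart-card certificate fingerprint, a chain of content-inspection filters that see the decrypted payload plus the transfer metadata, a quarantine for blocked transfers, an administrator override, and a log that records every decision against the acting user's certificate fingerprint. All names, data structures, the filter interface and the sample fingerprints are assumptions made for illustration; the product's real configuration format and API are not shown on this page. The filters deliberately type the file by magic bytes rather than by the name the sender declares, since that name is attacker-controlled.

```python
"""Added example: a toy Guard with Transfer Flows and content-inspection filters.
Hypothetical model for illustration, not the product's own code or API."""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional
import hashlib


class Verdict(Enum):
    ALLOW = "allow"
    REJECT = "reject"          # no such flow, or user not authorized on it
    QUARANTINE = "quarantine"  # blocked by a filter; an administrator may release it


@dataclass(frozen=True)
class TransferMeta:
    sender_domain: str
    receiver_domain: str
    user_fingerprint: str      # assumed: SHA-256 fingerprint of the smart-card certificate
    declared_name: str         # file name as supplied by the sender (untrusted)


# A filter sees the decrypted payload and the metadata; it returns a reason to block, or None.
Filter = Callable[[TransferMeta, bytes], Optional[str]]


@dataclass(frozen=True)
class TransferFlow:
    sender: str
    receiver: str
    authorized: frozenset      # certificate fingerprints allowed to use this flow
    filters: tuple             # filters run in order; the first block wins


# Type the payload from its magic bytes, never from the declared name.
MAGIC = {b"%PDF-": "application/pdf", b"\x89PNG\r\n\x1a\n": "image/png",
         b"PK\x03\x04": "application/zip", b"MZ": "application/x-dosexec"}


def sniff_mime(payload: bytes) -> str:
    return next((m for sig, m in MAGIC.items() if payload.startswith(sig)),
                "application/octet-stream")


def mime_allowlist(allowed: frozenset) -> Filter:
    def f(meta: TransferMeta, payload: bytes) -> Optional[str]:
        mime = sniff_mime(payload)
        return None if mime in allowed else f"MIME type {mime} not allowed"
    return f


def name_matches_content(meta: TransferMeta, payload: bytes) -> Optional[str]:
    # Catch e.g. "report.pdf" whose bytes are really a PNG, ZIP or PE file.
    ext = meta.declared_name.rsplit(".", 1)[-1].lower()
    expected = {"pdf": "application/pdf", "png": "image/png", "zip": "application/zip"}
    actual = sniff_mime(payload)
    if ext in expected and actual != expected[ext]:
        return f"extension .{ext} does not match content {actual}"
    return None


# Stand-in for an antivirus hook: the EICAR test string is the only "signature" it knows.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def antivirus(meta: TransferMeta, payload: bytes) -> Optional[str]:
    return "antivirus: EICAR test signature" if EICAR in payload else None


class Guard:
    def __init__(self, flows):
        self.flows = {(f.sender, f.receiver): f for f in flows}
        self.quarantine = {}   # transfer id -> (meta, payload, reason)
        self.log = []          # every entry names the acting user's fingerprint

    def _log(self, who: str, action: str, detail: str) -> None:
        self.log.append({"who": who, "action": action, "detail": detail})

    def transfer(self, meta: TransferMeta, payload: bytes):
        flow = self.flows.get((meta.sender_domain, meta.receiver_domain))
        if flow is None or meta.user_fingerprint not in flow.authorized:
            self._log(meta.user_fingerprint, "reject",
                      f"{meta.sender_domain}->{meta.receiver_domain}")
            return Verdict.REJECT, None
        tid = hashlib.sha256(payload).hexdigest()[:16]
        for filt in flow.filters:
            reason = filt(meta, payload)
            if reason:
                self.quarantine[tid] = (meta, payload, reason)
                self._log(meta.user_fingerprint, "quarantine", f"{tid}: {reason}")
                return Verdict.QUARANTINE, tid
        self._log(meta.user_fingerprint, "allow", tid)
        return Verdict.ALLOW, tid

    def release(self, tid: str, admin_fingerprint: str):
        # Administrator override after investigation; the override itself is logged.
        meta, payload, reason = self.quarantine.pop(tid)
        self._log(admin_fingerprint, "release", f"{tid}: overrode '{reason}'")
        return Verdict.ALLOW, tid


ALICE, ADMIN = "sha256:alice", "sha256:admin"   # constructed fingerprints
RED_TO_EXPORT = TransferFlow("RED", "EXPORT", frozenset({ALICE}), (
    mime_allowlist(frozenset({"application/pdf", "image/png"})),
    name_matches_content,
    antivirus,
))
GUARD = Guard([RED_TO_EXPORT])
```

With this flow configured, a genuine PDF from an authorized user on RED to EXPORT is allowed; a PNG renamed to `.pdf`, a ZIP, or a PDF carrying the EICAR string is quarantined with the blocking reason recorded; and a transfer in the reverse direction, or by a user not in the flow's authorized set, is rejected before any filter runs. Because each log entry carries the certificate fingerprint rather than a local account name, the same entries can be correlated across systems where the user has different accounts but the same smart card.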
Accountability
All security-relevant actions can be logged to a central Log Service. The log trails contain cryptographic information that maps each action to the user’s identity as proven by the smart card. This keeps the logs coherent even when they are collected from disjoint IT-systems where the user has different accounts but proves the same identity with the same smart card.