What is a Cross Domain Solution (CDS)?
A High Assurance Cross Domain Solution, or Cross Domain Gateway, is used to provide strong isolation between different networks or trust domains.
What makes a Cross Domain Solution High Assurance?
Cross Domain Solutions typically include dedicated physical hardware (such as an FPGA) to create strong isolation between networks. If the hardware implementation is then assured by an organisation like the National Cyber Security Centre (UK) or NSA (US), a far higher degree of confidence can be established than with software-based solutions, such as firewalls, that are subject to software-based vulnerabilities.
What kind of network isolation can be achieved?
A typical Cross Domain Solution can be configured to control which kinds of application and network traffic are allowed to traverse a boundary between networks. It validates that the traffic crossing the boundary is well-formed and cannot be used to compromise services behind the gateway.
What is an example CDS application?
Becrypt use Cross Domain Solutions to protect management infrastructure, such as Becrypt Enterprise Manager when used for desktop or mobile device management (MDM). Management servers can hold a lot of information that is of high value to attackers and, when compromised, make both the devices and the organisation extremely vulnerable, as has happened in well-publicised attacks. Placing management servers behind a CDS gateway provides strong isolation from less trusted networks, such as the internet.