Posted to users@kafka.apache.org by Danny - Terafence <da...@terafence.com> on 2020/12/22 07:53:33 UTC

Support for Uni-directional data-diode?

Hello,

Merry Christmas,

My name is Danny Michaeli, I am Terafence’s Technical Services Manager.

One of our customers is using KAFKA to gather ICS SIEM data to collect and forward to AI servers.

They have requested us to propose a uni-directional solution to avoid being exposed from the AI server site.

Can you please advise as to if and how this can be done?

B. Regards,

Danny Michaeli
Technical Services Manager
Tel.: +972-73-3791191
Cell: +972-52-882-3108


Re: Support for Uni-directional data-diode?

Posted by jan <rt...@googlemail.com.INVALID>.
It might be best to do a web search for companies that know this stuff
and speak to them.

re. kafka over UDP I dunno but perhaps instead do normal kafka talking
to a proxy machine via TCP and have that proxy forward traffic via
UDP.
If that works, would simplify the problem I guess.

cheers

jan

On 23/12/2020, Danny - Terafence <da...@terafence.com> wrote:
> Thank you Jan,
>
> The aim is to secure the sending side infrastructure and assets. Deny any
> known and unknown attacks from the "outside" while maintaining real-time data
> flowing outbound.
> Data integrity may be maintained in various ways if the forwarded protocol
> has such options.
>
> I wonder if KAFKA can run over UDP... for starters..
>
> Does anyone know?
>
> On Dec 22, 2020 23:25, jan <rt...@googlemail.com.INVALID> wrote:
> Dunno if it helps (if in doubt, probably not) but a search for the
> term gets some useful articles (inc.
> <https://en.wikipedia.org/wiki/Unidirectional_network>) and a company
> <https://owlcyberdefense.com/blog/what-is-data-diode-technology-how-does-it-work/>
> who may be worth contacting (I'm not affiliated in any way).
>
> The first question I'd ask myself is, would a burn-to-dvd solution
> work? Failing that, basic stuff like email?
> In any case, what if the data's corrupted, how can the servers detect
> and re-request? What are you protecting against exactly? Stuff like
> that.
>
> jan
>
> On 22/12/2020, Danny - Terafence <da...@terafence.com> wrote:
>> Hello,
>>
>> Merry Christmas,
>>
>> My name is Danny Michaeli, I am Terafence’s Technical Services Manager.
>>
>> One of our customers is using KAFKA to gather ICS SIEM data to collect
>> and
>> forward to AI servers.
>>
>> They have requested us to propose a uni-directional solution to avoid
>> being
>> exposed from the AI server site.
>>
>> Can you please advise as to if and how this can be done?
>>
>> B. Regards,
>>
>> Danny Michaeli
>> Technical Services Manager
>> Tel.: +972-73-3791191
>> Cell: +972-52-882-3108
>>
>>
>
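
An added example, not part of any post in this thread: one way the TCP-to-UDP proxy idea above can cope with the "what if the data's corrupted" question when no re-request is possible. The frame layout, the pre-shared key, the double send and every name here are assumptions made for illustration; each value returned by `frame()` stands for the body of one UDP datagram, and the sample records and link damage are constructed.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # assumption: key provisioned on both sides out of band
HEADER = struct.Struct("!QH")   # 8-byte sequence number, 2-byte payload length
TAG_LEN = 32                    # HMAC-SHA256 output size

def frame(seq, payload, key=KEY):
    """Sending-side proxy: wrap one consumed record for the one-way link."""
    head = HEADER.pack(seq, len(payload))
    return head + payload + hmac.new(key, head + payload, hashlib.sha256).digest()

class DiodeReceiver:
    """Receiving-side proxy: it cannot ask for a resend, only detect and report."""
    def __init__(self, key=KEY):
        self.key, self.next_seq = key, 0
        # accepted (seq, record) pairs, sequence numbers never seen, bad datagrams
        self.delivered, self.missing, self.rejected = [], [], 0

    def receive(self, datagram):
        if len(datagram) < HEADER.size + TAG_LEN:
            self.rejected += 1
            return
        head = datagram[:HEADER.size]
        body, tag = datagram[HEADER.size:-TAG_LEN], datagram[-TAG_LEN:]
        seq, length = HEADER.unpack(head)
        good = hmac.new(self.key, head + body, hashlib.sha256).digest()
        if length != len(body) or not hmac.compare_digest(tag, good):
            self.rejected += 1          # corrupted or not from the sender
            return
        if seq >= self.next_seq:        # new record: note any gap before it
            self.missing.extend(range(self.next_seq, seq))
            self.next_seq = seq + 1
        elif seq in self.missing:       # late arrival fills a recorded gap
            self.missing.remove(seq)
        else:
            return                      # second copy of a record already accepted
        self.delivered.append((seq, body))

def demo():
    records = [b"ics-event-%d" % i for i in range(4)]       # constructed sample data
    # No retransmission is possible, so every frame is sent twice.
    wire = [frame(i, r) for i, r in enumerate(records) for _ in range(2)]
    damaged = bytearray(wire[4])
    damaged[12] ^= 0xFF                                     # corrupt one copy of seq 2
    link = wire[:2] + [bytes(damaged)] + wire[5:]           # both copies of seq 1 lost
    rx = DiodeReceiver()
    for datagram in link:
        rx.receive(datagram)
    return rx
```

The receiving side ends up with records 0, 2 and 3, one rejected datagram and sequence number 1 listed as missing, which it can only log or alert on.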

Re: Support for Uni-directional data-diode?

Posted by Danny - Terafence <da...@terafence.com>.
Thank you Jan,

The aim is to secure the sending side infrastructure and assets. Deny any known and unknown attacks from the "outside" while maintaining real-time data flowing outbound.
Data integrity may be maintained in various ways if the forwarded protocol has such options.

I wonder if KAFKA can run over UDP... for starters..

Does anyone know?

On Dec 22, 2020 23:25, jan <rt...@googlemail.com.INVALID> wrote:
Dunno if it helps (if in doubt, probably not) but a search for the
term gets some useful articles (inc.
<https://en.wikipedia.org/wiki/Unidirectional_network>) and a company
<https://owlcyberdefense.com/blog/what-is-data-diode-technology-how-does-it-work/>
who may be worth contacting (I'm not affiliated in any way).

The first question I'd ask myself is, would a burn-to-dvd solution
work? Failing that, basic stuff like email?
In any case, what if the data's corrupted, how can the servers detect
and re-request? What are you protecting against exactly? Stuff like
that.

jan

On 22/12/2020, Danny - Terafence <da...@terafence.com> wrote:
> Hello,
>
> Merry Christmas,
>
> My name is Danny Michaeli, I am Terafence’s Technical Services Manager.
>
> One of our customers is using KAFKA to gather ICS SIEM data to collect and
> forward to AI servers.
>
> They have requested us to propose a uni-directional solution to avoid being
> exposed from the AI server site.
>
> Can you please advise as to if and how this can be done?
>
> B. Regards,
>
> Danny Michaeli
> Technical Services Manager
> Tel.: +972-73-3791191
> Cell: +972-52-882-3108
>
>

Re: Support for Uni-directional data-diode?

Posted by jan <rt...@googlemail.com.INVALID>.
Dunno if it helps (if in doubt, probably not) but a search for the
term gets some useful articles (inc.
<https://en.wikipedia.org/wiki/Unidirectional_network>) and a company
<https://owlcyberdefense.com/blog/what-is-data-diode-technology-how-does-it-work/>
who may be worth contacting (I'm not affiliated in any way).

The first question I'd ask myself is, would a burn-to-dvd solution
work? Failing that, basic stuff like email?
In any case, what if the data's corrupted, how can the servers detect
and re-request? What are you protecting against exactly? Stuff like
that.

jan

On 22/12/2020, Danny - Terafence <da...@terafence.com> wrote:
> Hello,
>
> Merry Christmas,
>
> My name is Danny Michaeli, I am Terafence’s Technical Services Manager.
>
> One of our customers is using KAFKA to gather ICS SIEM data to collect and
> forward to AI servers.
>
> They have requested us to propose a uni-directional solution to avoid being
> exposed from the AI server site.
>
> Can you please advise as to if and how this can be done?
>
> B. Regards,
>
> Danny Michaeli
> Technical Services Manager
> Tel.: +972-73-3791191
> Cell: +972-52-882-3108
>
>