ReCon – One Device, Two Way, Zero Risk

ReCon – One Device, Two Way, Zero Risk

Digital transformation creates both opportunity and risk for today’s data-driven organizations. They are challenged with navigating the convergence of OT and IT systems, the emergence of the IoT and IIoT, and limiting or reducing the attack surfaces of their networks. As the evolution of this digital transformation unfolds and more networks and devices are connected, security concerns will only continue to grow.

To address this pressing need for security, hardware-enforced data diodes have been proven time and again to protect the OT networks, however, in some cases, organizations need to secure bidirectional communications that cannot be one-way.

The ReCon solution was designed to combine the same proven security benefits of a hardware-enforced data diode cybersecurity solution with the ability to provide secure round trip, bidirectional communication. ReCon enables organizations to maintain secure two-way connections between networks, while reducing their attack surface with much higher security assurance than traditional firewalls.

SECURE BI-DIRECTIONAL DATA DIODE COMMUNICATION, ABSOLUTE NETWORK SEGMENTATION

Possible use case scenarios:

• Communication between client and server
• Remote access
• Remote command and control
• Remote monitoring
• Safety system isolation
• No direct pass through of TCP/IP traffic

BI-DIRECTIONAL-HARDWARE ADVANTAGE

ReCon is a hardware-based cybersecurity solution utilizing two independent data diodes. Housed within a 1U standard rack- mountable enclosure, each one-way path within ReCon is completely independent from the other. The separate paths each enable only one direction (send or receive) of the data transfer, together creating a complete bi-directional pathway in one device.

Defense-in-Depth security at multiple capacities

ReCon follows the Department of Homeland Security’s (DHS) guidance for securing applications that cannot be one-way. Housed within a 1U standard rack-mountable enclosure, the solution is available in mid and high capacity models to better align with customer’s security and budgetary requirements.

• Fixed destination IP address

+ Ensures that communication can only be directed to a single destination IP address

• Secure remote command and control

+ Enables secure remote command and control with less risk than firewall-based security

• Restricted session initiation

+ TCP/IP connection can only be initiated from the trusted source side network. Destination side cannot initiate communication into the device.

PROTOCOL SUPPORT

ReCon provides basic protocol support for secure bi-directional communication:

• FTPS
• TCP/IP
• DNP3
• Ethernet/IP
• IEC-104
• ICCP
• MS SQL Database
• Replication

ADMINISTRATIVE SUPPORT

• Separate administration for source and destination sides
• Supports up to 5 simultaneous data streams
• Port mapping allows the admin to control destination address for connection – no entity outside of the destination network can access information about that network. This prevents malicious users from using a port scanner to find vulnerabilities in the network.
• Menu-driven user interface

+ Restricts command line access

Technical Specifications

OPERATING CONDITIONS

• 32°F to +110°F / 0°C to 43.33°C
• 20% to 85% humidity non-condensing

POWER SUPPLY

• Input: 100-240V AC auto-ranging, min. 30W per side (fused at 1A at IEC connector)
• Output: 5V at 5A – EU & UK power cables on request

STORAGE

• 40°F to 158°F / -40°C to 70°C
• 5% to 90% humidity non-condensing

VIBRATION

• Vibration: (IEC 60255-21-1)
• Vibration 1g(10-500Hz) (operational)
• Vibration 2g(10-500Hz) (operational and non- operational)

MOUNTING SIZE

• (1U) Rack mount, tabletop

NETWORK CONNECTIVITY

• Ethernet connections for network traffic and remote administration
• Physical connectors: 8P8C (RJ45)

SHOCK

• (IEC 60255-21-2) / Shock 10g 11ms (operational)
• Shock 30g 11ms (operational and non-operational)

COOLING SYSTEM

• Conductive cooling through enclosure side walls with high life expectancy/low noise fans

APPROVALS

• FCC Class B compliance CE Mark

CB Certificate: 72130592

UL 60950-1:2007 R12.11

CAN/CSA-C22.2 No.60950-1-07+A1:2011

• International Common Criteria Certification – EAL Certified
• VCCI

ISO

• Manufactured using ISO 9001:2015 certified quality program

CHASSIS SIZE

• 16.5” W x 1.75” H x 13” D
• 41.91 cm x 4.5 cm x 33 cm

UNIT WEIGHT

• 8.720 lbs./ 3.96 Kg

MEAN TIME BETWEEN FAILURE (MTBF)

• 14+ years

LOCAL ADMINISTRATION

• VGA connector for monitor
• USB connectors for keyboard and mouse