When protecting an isolated network against outsider attacks, there are a number of objectives and technologies that are commonly used. Objectives typically boil down to C.I.A. – Confidentiality, Integrity and Availability.

The best possible technology for confidentiality is the unidirectional network connection by means of a data diode. However, there is a lot of technology relating to data diodes that impacts integrity and availability. In particular, protocol breaks and content checking have a subtle relation to these objectives.

This briefing paper will explain how these technologies relate to one another and to the principal C.I.A. security objectives.

This paper focuses on situations where confidentiality has priority over integrity, where “protecting secrets” is essential. Data diodes can also be deployed for“protecting assets”, where integrity is essential and confidentiality is of secondary priority, typically when protecting industrial installations.

For the sake of clarity, we will focus on the “protecting secrets” scenarios in this paper.