M-Guard takes inbound XML messages and either passes them through or blocks them. It does not perform any transformation; it expects correct messages and enforces correct behaviour. M-Guard can be used by Isode and third-party applications.

There are two primary deployment scenarios:

When two secure domains communicate across a national or organizational boundary, it is often important to tightly control information flow across the boundary. M-Guard sits on the boundary to provide necessary controls and assurance.

Secure systems are often split with a Red (internal/secure) and Black (external) side. Primary red-side data is always encrypted at the red/black boundary, typically with a Type 1 (NSA definition) cryptographic system. There is often a need for management and control information to flow across the red/black boundary (crypto bypass). M-Guard is an appropriate device to control information flow across a red/black boundary.

At boundaries where simple firewall protection is insufficient, M-Guard can provide checks including:

- Prevent leak of sensitive data (e.g., by Security Label checks, sender/recipient checks)

Further information is provided in the whitepaper.

Application Integration

An M-Guard instance will sit between a pair of applications (producer and consumer), with XML messages flowing from producer to consumer. M-Guard, acting as an application level data diode, will validate messages and only pass through those that match configured criteria. These applications will be connected to the M-Guard appliance on separate networks.

M-Guard provides (optional) acknowledgement of transfer to enable reliable transfer from producer to consumer. There is no extra information included with the acknowledgement, to avoid creation of a covert channel. When the producer application initiates a connection to M-Guard, then M-Guard will connect to the consumer application before accepting the inbound connection.

The protocol used by applications that communicate with M-Guard is the Guard Content eXchange Protocol (GCXP). Isode has published the GCXP protocol in Appendix B of the M-Guard Administration Guide. Isode has also provided a freely available C++ reference implementation of GCXP.

- TLS is always used to protect the connection.
- Two-way strong authentication is recommended to validate peers.
- M-Guard will always validate IP address of connecting application.
- Framing using RFC 7049 - Compact Binary Object Representation (CBOR).

M-Guard Console is the management GUI for M-Guard, which will connect to M-Guard over a third (management) network. M-Guard Console is used to set up and configure the M-Guard appliance and M-Guard instances running on the appliance. It handles general operations and maintenance, such as system backup.
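
The pass-or-block behaviour and the content-free acknowledgement described for the producer/consumer flow can be illustrated with a small guard function. This is an added example, not Isode's code and not GCXP itself (CBOR framing and TLS are not modelled); the element names `message`, `label`, `from` and `to`, the policy values, the one-byte `ACK` and the choice to send no acknowledgement for a blocked message are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Hypothetical policy and element names: the page does not show M-Guard's rule format.
POLICY = {
    "labels": {"UNCLASSIFIED", "OFFICIAL"},
    "senders": {"alice@red.example"},
    "recipients": {"bob@black.example"},
}
ACK = b"\x01"  # fixed acknowledgement, byte-identical for every transfer

# Constructed sample message (not a real M-Guard or GCXP payload).
SAMPLE_OK = (b"<message><label>OFFICIAL</label><from>alice@red.example</from>"
             b"<to>bob@black.example</to></message>")


def check(raw: bytes, policy=POLICY) -> bool:
    """Return True only if the message matches every configured criterion."""
    # Fail closed on DTDs (entity expansion) and on NUL bytes, since a
    # UTF-16 encoded document would hide "<!DOCTYPE" from this byte check.
    if b"\x00" in raw or b"<!DOCTYPE" in raw:
        return False
    try:
        root = ET.fromstring(raw)
    except ET.ParseError:
        return False  # malformed input is blocked, never repaired
    if root.tag != "message":
        return False
    label = root.findtext("label")
    sender = root.findtext("from")
    rcpts = [r.text for r in root.findall("to")]
    return (label in policy["labels"]
            and sender in policy["senders"]
            and bool(rcpts)
            and all(r in policy["recipients"] for r in rcpts))


def guard(raw: bytes, deliver, policy=POLICY):
    """Forward the original bytes unchanged, or block. Returns ACK or None."""
    if not check(raw, policy):
        return None   # blocked: nothing is forwarded (assumed: no ack either)
    deliver(raw)      # no transformation: the consumer gets exactly what was sent
    return ACK        # carries no message-dependent data back to the producer
```

Because the guard forwards the received bytes rather than a re-serialised tree, a parser quirk cannot alter what the consumer sees, and the constant acknowledgement gives the consumer side no field in which to encode data for the producer.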