Virtual Air Gap
VAG/SAHAB
Real-Time Security, Protection at International Standards
A Common Criteria EAL4+ certified system solution that enables secure information exchange between networks with different security levels for ‘Mission-Critical’ operations.
- VAG is designed to withstand and mitigate contemporary cyber threats for organizations providing or receiving real-time services.
- VAG is a unique and superior security solution with dual patents from both the USA and Turkey. Its patented nature makes it truly unparalleled.
The VAG system consists of an internal and an external server built on a Linux system and manages the information flow between them through shared memory. It is positioned between the external network and the confidential network and does not use IP-based communication for its internal connection. This establishes, as the name suggests, a high-security “virtual air gap”. To ensure its regular operation, VAG is protected by many peripheral components. Examples of these components, located on each server, include a firewall (FW), a network-based intrusion detection system (NIDS), protocol filtering, and a host-based intrusion detection system (HIDS).
Data flow on the VAG is bidirectional. Requests/responses from the external network are received by the external server and pass to the application base under the control of the external server. After filtering and control, the requests/responses are encrypted, digitally signed, and transmitted to shared disks. The internal server retrieves these requests/responses from the shared memory after decryption and signature verification. If no issues are detected, the requests/responses are logged and forwarded to the designated application on the internal server. Connections from the internal network to the external network follow the same process.
- Operates on internal and external network servers.
- Creates a “Virtual Air Gap” boundary between servers.
- Bidirectional data flow is provided at +7 Gbit/s bandwidth.
- Latency during parallel communication is lower than 0.1 ms.
- Requests/Responses are filtered on internal and external servers.
- Encrypted and signed communication is performed via the shared memory unit.
- The CC EAL4+ certification is the highest international security level in the field of cybersecurity and guarantees that our products have undergone rigorous testing.
- This certification proves that we meet high-level security requirements, which are mandatory especially for government institutions, and demonstrates that we provide our customers with maximum data protection.
- Hardened Linux Kernel
- Internal Firewall
- Internal Intrusion Prevention System
- System Integrity Check
- Signed Codes
- Obfuscation
- Message Encryption Algorithms
- Customized Disk Formatting Method
- Audit/Log Software
- External Application-Level Firewall
- External Network Firewall and Intrusion Prevention System
• 2 x 1U COTS Server
• PCI-e Shared Memory
• Ethernet (1G, 10G)
