Protection of a computer or data network from undesired and unauthorized data disclosure, interception or alteration has been a perennial concern in the field of computer and network security. For example, firewall and anti-spyware software have been developed to address security concerns for computers and networks connected to the Internet and to protect them from possible cyberattacks such as Trojan horse-type viruses or worms that may trigger undesired and unauthorized data disclosure by these computers and networks. However, for high security computer networks such as those used by government agencies and intelligence communities and certain commercial applications, conventional network security devices such as firewalls may not provide sufficiently reliable protection from undesired data disclosure.
Alternative network security methods and devices based on unidirectional data transfer have been devised to address the network security concern. For example, U.S. Pat. No. 5,703,562 to Nilsen (“the '562 Patent”), the contents of which are hereby incorporated by reference in its entirety, provides an alternative way to address the network security concern. The '562 Patent discloses a method of transferring data from an unsecured computer to a secured computer over a one-way optical data link comprising an optical transmitter on the sending side and an optical receiver on the receiving side. By providing such an inherently unidirectional data link to a computer/data network to be protected, one can eliminate any possibility of unintended data leakage out of the computer/data network over the same link.
One-way data transfer systems based on such one-way data links provide network security to data networks by isolating the networks from potential security breaches (i.e., undesired and unauthorized data flow out of the secure network) while still allowing them to import data from the external source in a controlled fashion. FIG. 1 schematically illustrates an example of one such one-way data transfer system 100. In the one-way data transfer system shown in FIG. 1, two computing platforms (or nodes) 101 and 102 (respectively, “the Send Node” and “the Receive Node”) are connected to the unsecured external network 104 (“the source network”) and the secure network 105 (“the destination network”), respectively. The Send Node 101 is connected to the Receive Node 102 by a one-way data link 103, which may be an optical link comprising, for example, a high-bandwidth optical fiber. This one-way optical data link 103 may be configured to operate as a unidirectional data gateway from the source network 104 to the secure destination network 105 by having its ends connected to an optical transmitter on the Send Node and to an optical receiver on the Receive Node.
This configuration physically enforces one-way data transfer at both ends of the optical fiber connecting the Send Node 101 to the Receive Node 102, thereby creating a truly unidirectional one-way data link between the source network 104 and the destination network 105 shown in FIG. 1. Unlike the conventional firewalls, one-way data transfer systems based on a one-way data link are designed to transfer data or information only in one direction and it is physically impossible to transfer data or information of any kind in the reverse direction. No information or data of any kind, including handshaking protocols such as those used in data transport protocols such as TCP/IP, SCSI, USB, Serial/Parallel Ports, etc., can travel in the reverse direction from the Receive Node back to the Send Node across the one-way data link. Such physically imposed unidirectionality in data flow cannot be hacked by a programmer, as is often done with firewalls. Accordingly, the one-way data transfer system based on a one-way data link ensures that data residing on the isolated secure computer or network is maximally protected from any undesired and unauthorized disclosure.
The modern network communications involve various data types, such as files, e-mails, Web contents, real-time audio/video data streams, etc., and also various data transport protocols, such as the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). TCP has been known for its reliability and therefore considered suitable for transporting files and e-mails. UDP, on the other hand, has typically been used for transporting time-sensitive data streams, such as real-time audio/video data streams and also for transporting syslog messages.
Syslog is a standard for sending system log messages (“syslog messages”) via UDP in an IP network. Syslog messages comprise small textual messages from a syslog sender to a syslog receiver (also called syslog daemon, or syslog server), typically in cleartext, and may be configured to report activities at specific addresses in a network. A syslog receiver (syslog daemon) on the hosting platform is responsible for adding to the syslog message received from a syslog sender the IP address or hostname of the syslog sender and writing the result to a local syslog message file. The IP address or hostname of the originating syslog sender is a portion of IP information and may be found in the IP information area of the received syslog message. Syslog messages can be of particular importance in ensuring network security, as the activities of network intruders can be traced by syslog records and irregularities they generate in syslog files. Accordingly, syslog is frequently used as a tool for computer system management, network security auditing, and diagnostic functions. Syslog is supported by a wide array of platforms based on Unix-based operating systems, such as Solaris, Ultrix, AIX, HP-UX and Linux.
Because of many advantages syslog provides for network security and management, it is often desirable and necessary to implement syslog in a one-way data transfer system based on a one-way data link. Thus, it is an object of the present invention to handle transmission of syslog messages across a one-way data link.
Other objects and advantages of the present invention will become apparent from the following description.