The need to transfer data between security domains, typically in the form of a network, is common both in industry and in government. Firewalls, such as email gateways, cross-domain solutions and other types of industry-standard network edge protection devices, are examples of systems that address this need. These devices typically attempt to protect devices on an internal network from the larger internet by limiting or filtering network data. By controlling the flow of information across the network boundary, a firewall or other network edge device reduces the chances that a successful intrusion can be accomplished.
Connecting two or more domains that contain sensitive or confidential information adds requirements beyond integrity protection. A common scenario in U.S. and other government networks is that domains are separated based on the highest type of information approved to be transmitted over a network. To prevent unwanted disclosure, all data on such a network is assumed to be of the highest type authorized for that network. This greatly reduces the level of trust that must be placed in the devices attached to these networks and makes it practical to use commodity software. It also means that the networks must be kept strictly separated: even though a network of one domain type might, for example, contain only data typed as domain A, a device on a network of another domain type cannot connect to the domain A network to receive this data.
Firewalls such as cross-domain solutions (CDS), also called guards, are employed in scenarios where data must be transmitted between domains in a controlled way. However, it is challenging, if not impossible, to test the firewalls that sit between domains. Thus, a need exists in the art for improved testing of the functionality of a firewall.
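The two rules described above, that every network is treated as system-high so that devices on different domain networks may never connect directly, and that a guard is the only path across which a transfer may be mediated, can be modelled in a few lines. The following is an added example written for this page, not code from the original text or from any product it describes; the level names, network names and the "release marking" check that stands in for a real guard's content inspection are all constructed assumptions.

```python
"""Toy model of system-high domain separation mediated by a guard.

Added illustration; not from the original page. Level names, network names
and the release-marking rule are constructed placeholders.
"""
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    """Ordered sensitivity levels (constructed names)."""
    LOW = 0
    MEDIUM = 1
    HIGH = 2


@dataclass(frozen=True)
class Network:
    name: str
    level: Level  # system-high: every byte on this network is treated as this level


@dataclass(frozen=True)
class Transfer:
    src: str      # name of the sending network
    dst: str      # name of the receiving network
    payload: str  # data the guard is asked to pass


@dataclass
class Guard:
    """The only sanctioned path between domains; everything else is refused."""
    networks: dict                       # name -> Network
    release_marking: str = "RELEASABLE"  # stand-in for a real content filter (assumption)
    audit: list = field(default_factory=list)

    def direct_connect_allowed(self, a: str, b: str) -> bool:
        """Strict separation: a device may only talk to peers on its own network."""
        return a == b

    def decide(self, t: Transfer) -> tuple:
        """Return (allowed, reason) for a transfer and record it in the audit trail."""
        try:
            src_level = self.networks[t.src].level
            dst_level = self.networks[t.dst].level
        except KeyError:
            # Fail closed: an unknown network has no label, so nothing can flow.
            return self._record(t, False, "unknown network; denied")

        if src_level <= dst_level:
            # Upward flow: the destination already holds data at or above this level,
            # so passing it there discloses nothing new.
            return self._record(t, True, "upward flow permitted")

        # Downward flow would release system-high data to a lower network unless the
        # guard's filter has positively cleared it. The marking check is a placeholder
        # for that inspection.
        if t.payload.startswith(self.release_marking):
            return self._record(t, True, "downward flow with release marking permitted")
        return self._record(t, False, "downward flow without release marking denied")

    def _record(self, t: Transfer, allowed: bool, reason: str) -> tuple:
        self.audit.append((t.src, t.dst, allowed, reason))
        return allowed, reason


def build_demo_guard() -> Guard:
    """Two networks: a low-side corporate net and a high-side restricted net (constructed)."""
    nets = [Network("corp", Level.LOW), Network("restricted", Level.HIGH)]
    return Guard({n.name: n for n in nets})


if __name__ == "__main__":
    g = build_demo_guard()
    print("direct corp<->restricted:", g.direct_connect_allowed("corp", "restricted"))
    for t in (Transfer("corp", "restricted", "status update"),
              Transfer("restricted", "corp", "internal report"),
              Transfer("restricted", "corp", "RELEASABLE: public summary"),
              Transfer("restricted", "nowhere", "anything")):
        print(t.src, "->", t.dst, g.decide(t))
```

The point of the model is the asymmetry: direct connections between domain networks are never permitted, and the guard's only decisions are whether a flow goes upward (always safe under the system-high assumption) or downward (permitted only after an explicit release check). Every decision is appended to an audit list, which is exactly the kind of observable a test harness for such a device would want to inspect.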