
I'm trying to determine the feasibility of using a serial port/cable to act as a simple and cheap data diode. I'll be connecting 2 Windows PCs (1 of which is on a secured network) using a 1-way null modem serial cable. I have physically removed pin 2 (receive data) on a DB9 connector that connects to the serial port of the PC located on the secured network in the hope that this will make it impossible for a hacker to gain access to the secured PC through the serial port of the unsecured PC.

I tested this setup using Hyperterminal on both PCs and it appears to be able to prevent data from being sent from the unsecured PC to the secured PC at least when using a common serial communication tool such as Hyperterminal.

However, I'm concerned whether it is possible to hack the Windows API to hijack pin 3 (TD) and use it to receive data instead. I've seen a few articles, but it is not clear to me that this is possible. Has anyone attempted to do something similar?

https://arstechnica.com/civis/viewtopic.php?f=20&t=538972

Or should I use one-way fibre instead? I've also considered 1-way fibre, but it appears to be even more complex. I've also never used fibre before, so I can't figure out how it could be done using commonly available network cards and equipment - anyway, that's for another topic.

Joshua
  • What exactly is it you are trying to accomplish? Are you just trying to force one-way communication with no possibility of two-way communication? Are both devices considered untrusted (i.e. can they collaborate with each other to send data in the "forbidden" direction), or is only one of them untrusted? – forest Jul 03 '18 at 07:30
  • @forest Yes, I'm trying to force one-way communication from the trusted to the untrusted PC. Two-way communication should not be possible. The data sent (some server metrics) is not confidential and need not be encrypted. Even though the trusted PC is supposed to be secure, ideally the design must be such that even internal hacking is not possible, so we should not be able to bypass the security programmatically. Operators are not allowed to bring any media or electronic equipment, including cellphones, into the secure area housing the trusted PC. – Joshua Jul 03 '18 at 10:30
  • If it is physically possible for pin 3 to be used to receive data, then a fully compromised operating system could indeed use it to receive data. – forest Jul 03 '18 at 10:33
  • @forest Yes, this is what I'm trying to find out. I would assume that the trusted system has to be compromised in order for pin 3 to be used to receive data from the untrusted system? If it's not possible for malware on the untrusted system to remotely change pin 3 on the trusted system, then a breach would only be possible through an insider job? Am I correct? – Joshua Jul 03 '18 at 12:34
  • Why not [build your own](https://github.com/wavestone-cdt/dyode)? – ThoriumBR Jul 03 '18 at 17:55
  • @Joshua So the untrusted system is the sender, and the trusted system is the receiver? If the system is truly trusted, you only have to tell it to ignore anything it is receiving, even if it is technically sent over the wire. – forest Jul 04 '18 at 02:02
  • @forest No, the untrusted system is the receiver, the trusted system is the sender. They don't want the untrusted system to be able to send anything to (breach) the trusted system. The trusted system is supposed to be secure. – Joshua Jul 04 '18 at 08:16
  • @Joshua In that case, you can use any simple (as in difficult to exploit a driver) protocol and set the trusted system to ignore anything that is sent to it. – forest Jul 05 '18 at 02:10
  • @forest I won't be using any custom driver on the trusted PC, just a program that will lock the COM port and write to the COM port. Maybe the program should be written such that it has no code to read from the COM port. To prevent the program from being shut down, maybe I should run it using administrator rights? What are the cons of doing this? – Joshua Jul 05 '18 at 06:12
  • Well, it's complicated. Depending on the level of protection you need, you might need to understand how the hardware works to prevent the actual interface from being exploited (e.g. if it's a PCIe card with a bunch of RS-232 ports running its own firmware). And if the program is already trusted, you don't need to prevent it from shutting down. Simply don't read from the port. If that computer is indeed trusted, you don't have to worry about it reading anyway. The untrusted computer can send all it wants, but the trusted computer will simply ignore it. – forest Jul 05 '18 at 06:43
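As an added example (not code from the question or the comments), here is a Python sender/receiver pair that follows the advice in the comments: the program on the trusted side only ever calls write() and contains no read path, and because nothing can flow back over a one-way cable, each frame carries a sequence number and a CRC-32 so the untrusted receiver can detect corruption and loss on its own rather than asking for a retransmission. The `send_metrics` helper assumes pyserial is installed and takes a placeholder port name; the metric lines, the dropped frame and the flipped byte in `demo()` are constructed for the walk-through.

```python
"""One-way serial framing for a removed-RX-pin "data diode".
The trusted sender never reads; the receiver verifies every frame alone.
Added example; sample data is constructed, pyserial use is an assumption."""
import struct
import zlib

SOF = b"\x7e"                  # start-of-frame marker (HDLC-style)
ESC = b"\x7d"                  # escape byte; escaped value is XORed with 0x20
HEADER = struct.Struct(">HH")  # 16-bit sequence number, 16-bit payload length
CRC_LEN = 4


def _stuff(raw: bytes) -> bytes:
    """Escape SOF/ESC inside the body so the receiver can always resync on SOF."""
    out = bytearray()
    for b in raw:
        if b in (SOF[0], ESC[0]):
            out += ESC
            out.append(b ^ 0x20)
        else:
            out.append(b)
    return bytes(out)


def encode_frame(seq: int, payload: bytes) -> bytes:
    """SOF + stuffed(header + payload + CRC32 over header+payload)."""
    body = HEADER.pack(seq & 0xFFFF, len(payload)) + payload
    crc = struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)
    return SOF + _stuff(body + crc)


def send_metrics(port_name: str, lines, baud: int = 9600) -> None:
    """Trusted-side sender. Deliberately has no read() call at all.
    Assumes pyserial; hardware/software flow control stay off because the
    cable carries no return lines for the sender to wait on."""
    import serial  # pyserial (assumption: installed on the trusted PC)
    with serial.Serial(port_name, baud, timeout=0, rtscts=False, xonxoff=False) as ser:
        for seq, line in enumerate(lines):
            ser.write(encode_frame(seq, line))


class DiodeReceiver:
    """Incremental parser for the untrusted (receiving) side.
    `missing` counts sequence numbers that never arrived intact: dropped
    frames and frames rejected for a bad CRC both leave a gap."""

    def __init__(self):
        self._buf = bytearray()
        self._in_frame = False
        self._escape = False
        self.expected_seq = None
        self.bad_crc = 0
        self.truncated = 0   # a new SOF arrived before the previous frame ended
        self.missing = 0

    def feed(self, data: bytes):
        """Consume raw bytes in any chunking; return [(seq, payload), ...]."""
        frames = []
        for b in data:
            if b == SOF[0]:
                if self._in_frame:
                    self.truncated += 1
                self._buf.clear()
                self._in_frame, self._escape = True, False
                continue
            if not self._in_frame:
                continue  # noise before the first SOF, or after a finished frame
            if self._escape:
                self._buf.append(b ^ 0x20)
                self._escape = False
            elif b == ESC[0]:
                self._escape = True
            else:
                self._buf.append(b)
            if len(self._buf) >= HEADER.size:
                _, length = HEADER.unpack_from(self._buf)
                if len(self._buf) == HEADER.size + length + CRC_LEN:
                    self._finish(frames)
                    self._in_frame = False
        return frames

    def _finish(self, frames):
        body, crc = bytes(self._buf[:-CRC_LEN]), bytes(self._buf[-CRC_LEN:])
        if struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF) != crc:
            self.bad_crc += 1      # corrupted in flight; nothing to ask for
            return
        seq, _ = HEADER.unpack(body[:HEADER.size])
        if self.expected_seq is not None and seq != self.expected_seq:
            self.missing += (seq - self.expected_seq) & 0xFFFF
        self.expected_seq = (seq + 1) & 0xFFFF
        frames.append((seq, body[HEADER.size:]))


def demo():
    """Constructed walk-through: four metric lines; frame 1 has a payload
    byte flipped in transit and frame 2 is dropped entirely."""
    lines = [b"cpu=12", b"mem=40", b"disk=71", b"net=3"]
    frames = [encode_frame(seq, p) for seq, p in enumerate(lines)]
    damaged = bytearray(frames[1])
    damaged[6] ^= 0x01                       # 'e' -> 'd' inside "mem=40"
    stream = frames[0] + bytes(damaged) + frames[3]
    rx = DiodeReceiver()
    got = rx.feed(stream)
    return got, rx.bad_crc, rx.missing


if __name__ == "__main__":
    print(demo())
```

The framing is defence in depth, not the diode itself: the removed receive line is what physically enforces direction, and the sender program simply gives the trusted side nothing that could act on inbound bytes. Because the sender cannot see any handshake, the receiver's only recovery from a gap is to log it and wait for the next periodic resend of the metrics.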

0 Answers