User:Kingpauly/sandbox

Trusted Gateway System (TGS) is a commercial off-the-shelf software package used for the secure transfer of files between networks. TGS is generally implemented to transfer files between higher-security and lower-security systems (Classified to Unclassified and Unclassified to Classified).

History
TGS was initially developed by Trusted Computer Solutions prior to being purchased by Raytheon in 2010. This company is now named Raytheon Trusted Computer Solutions.

Overview
Trusted Gateway System provides built-in manual review and automatic validation of files being transferred between networks, with a variety of secure transfer workflows. When files are sent from a lower-classification system to a higher-classification system, they must go through the Directory Transfer Service for file checks.

Workflows
 * Two Person Human Review: The two-person review and release is generally used when transferring files from a higher-classification system to a less classified system. TGS forces two users of the systems to hold distinct roles. The initiator of the transfer on the high side is the Producer and the user on the lower side is the Releaser. The Releaser must open each job file and approve any word searches on the files before the job can be approved for release to the network.
 * Self Release: Allows a single user to create jobs that send data to approved locations in a single step, without requiring review of the jobs on the other side. This requires the user to be in the Self-Release role, and more control can be added to only allow specific destinations for the Self-Release role.
 * Quick Submit: Allows a drag-and-drop method to predefined locations. The system performs validations on the files, and if a file fails validation, the user is notified and the transfer is not initiated.
 * Quick Release: Provides a rapid transfer of text or files to predefined networks. After the file is validated and checked, it is transferred using the Extensible Messaging and Presence Protocol (XMPP).
 * Bulk Upload: Normally used for the transfer of large quantities of data from a lower classified network to a higher classified network. The bulk uploader supports direct file transfers using the Secure Copy Protocol (SCP). Bulk upload uses configured hosts to allow only predefined destinations to use SCP.

Directory Transfer Service Options
 * Virus Scanning: Uses third-party scanning software that can be configured to exclude trusted file types to speed up processing.
 * File Type Verification: Uses extension matching, XML validation, a Raytheon signature algorithm, and a third-party algorithm. Each of these is configurable to meet the individual organization's needs.
 * Dirty Word Search: Checks for certain words that are not to be released to other systems. Works in conjunction with clean words that may contain a "dirty" word. For example, this could prevent "secret" from passing through but allow "secretary". When a "dirty word" is discovered, the system gives the user the option of allowing the file to pass.
 * Content Inspection: Scans files for hidden and embedded data and metadata, and removes them.
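
The dirty word and clean word interaction described above, as an added Python example (not TGS code; the page does not describe TGS's actual matching algorithm, so case-insensitive substring matching, the function names and the sample word lists are assumptions). A dirty-word hit is suppressed only when it lies entirely inside an occurrence of a clean word, and files with remaining hits are held for the user's decision:

```python
import re

def find_dirty_words(text, dirty_words, clean_words):
    """Return sorted (offset, matched_text) hits that no clean word covers."""
    # Character spans of every clean-word occurrence in the text.
    clean_spans = [m.span()
                   for word in clean_words
                   for m in re.finditer(re.escape(word), text, re.IGNORECASE)]
    hits = []
    for word in dirty_words:
        for m in re.finditer(re.escape(word), text, re.IGNORECASE):
            start, end = m.span()
            # Suppress the hit only if it lies entirely inside a clean word.
            if not any(cs <= start and end <= ce for cs, ce in clean_spans):
                hits.append((start, text[start:end]))
    return sorted(hits)

def screen_job(files, dirty_words, clean_words):
    """Map each file name with unresolved hits to those hits (held for the user's decision)."""
    held = {}
    for name, text in files.items():
        hits = find_dirty_words(text, dirty_words, clean_words)
        if hits:
            held[name] = hits
    return held

# Constructed sample data, not taken from any real system.
DIRTY = ["secret"]
CLEAN = ["secretary"]
JOB = {
    "minutes.txt": "The secretary filed the report.",
    "status.txt": "Project details are SECRET. See the secretariat notes.",
}

if __name__ == "__main__":
    for name, hits in screen_job(JOB, DIRTY, CLEAN).items():
        print(name, hits)
```

In the sample job, "secretariat" is still flagged because only "secretary" is on the clean list, which shows why the clean list has to cover every legitimate word that embeds a dirty word.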

Platforms
The Guard runs on the following systems:
 * Red Hat Security-Enhanced Linux (SELinux)
 * Trusted Solaris 8
 * XTS from BAE

Links
TGS data sheet