Tardiwall — USB Firewall & Sheep-Dip Station
Dirty USBs remain the #1 cyber threat on ships and in offices.
Traditional antivirus scans too late — after the device is already mounted.
Tardiwall stops infected media before it touches your PCs, servers, or ECDIS.
The Problem
- Crews and staff rely on USB sticks for charts, updates, and vendor files.
- AV products like Windows Defender or ESET only scan after a stick is mounted.
- Autorun is gone, but malware, scripts, and “BadUSB” keyboard attacks still work.
- One careless plug-in can cripple a ship or office network.
The Solution — Tardiwall
A dedicated USB firewall appliance that enforces safe media handling.
- Dirty stick in → Clean stick out
- Scan and block malicious or unwanted files (EXE, scripts, ransomware).
- Approval workflow: office or manager approves via email or NTFY link.
- Audit log: every device, every file, every decision recorded.
- Network delivery: where supported, systems pull updates over LAN instead of USB.
Why Not Just Rely on AV?
| Endpoint Antivirus | Tardiwall |
|---|---|
| Scans after USB is already mounted | Blocks before endpoint ever sees files |
| No file-type policy enforcement | Granular rules (EXEs blocked, docs/images allowed) |
| Logs ignored, PC by PC | Centralized approvals and fleet-wide audit |
| Depends on each PC being patched | Works regardless of OS or Windows version |
Key Benefits
- Protects ECDIS and OT systems — no untrusted USBs ever plugged in.
- Fleet-wide consistency — one rule, everywhere.
- Simple crew process — “Use the white stick from the Tardiwall box.”
- Compliance ready — auditable evidence for ISM/IMO inspections.
- Works for SMBs too — one secure entry point for all portable media.
How It Works
- Insert any USB stick into the Tardiwall box.
- Files are mounted read-only and scanned.
- Unsafe files are blocked or quarantined by policy.
- Approved files are either:
- Served over the local network via a secure dashboard, or
- Written onto a dedicated clean USB stick with a log.
- PCs and ECDIS only ever see clean, logged media.
Certification?
There is no formal certification scheme for USB firewalls today.
Instead, Tardiwall is aligned with IMO Resolution MSC.428(98) and best practice (BIMCO, ICS).
It provides an auditable removable media control process — exactly what inspectors expect.
Call to Action
We are now seeking pilot customers for Tardiwall.
Pilot pricing starts from $499/year per box, with support and updates included.
Dirty in. Clean out. Guaranteed.
