If you are a cyber security enthusiast, you are bound to come across the term \u201cair gapped computer.\u201d As it relates to computer networking, air gapping is a security measure to ensure that a computer network is physically isolated from unsecured networks like the internet and local area networks.<\/p>\n\n\n\n
Nowadays, cyber security is at high stake. Organizations constantly transmit sensitive data across networks and hence, cyberattacks are on the rise. Ransomware, for example, is one of the most common\u00a0cyber threats\u00a0these days. Cybersecurity Ventures predicts the global cost of ransomware attacks to increase to $265bn by 2031.<\/p>\n\n\n\n
The rising number of cyber attacks is the main reason why tight security is paramount. In general, a secure infrastructure includes multiple layers of protection dispersed throughout computers, programs, and networks. The\u00a0air gap<\/strong>\u00a0concept is also believed to be a highly effective way to protect valuable information. But is it really secure enough?\u00a0<\/p>\n\n\n\n An\u00a0air gap<\/em>\u00a0is a network security measure that implies a physical separation between a secure network and any other computer or network. <\/p>\n\n\n\n An air-gapped computer is isolated from unsecured networks, meaning that it is not directly connected to the internet, nor is it connected to any other system that is connected to the internet. A true air gapped computer is also physically isolated. This means the only way to pass data to it is physically (via USB, removable media, or a firewire with another machine).<\/p>\n\n\n\n The term \u201cair gapping\u201d refers to the idea that there is a gap of air between the computer and other networks. It isn\u2019t connected to them and it can\u2019t be attacked over the network. An attacker would have to \u201ccross the air gap\u201d and physically sit down in front of the computer to compromise it, as there\u2019s no way to access it electronically over a network.<\/p>\n\n\n\n Air gapping also plays an\u00a0important role in backup and recovery. For example with 3-2-1 backups, each backup has three copies. While two of the copies can be stored on the same network, the third copy has to be air-gapped and stored in a completely different physical location. This way, even if the network is attacked and the first two copies become compromised, storage administrators can use the air-gapped copy to restore data quickly.<\/p>\n\n\n\n Some companies will market that a network or computer is air gapped despite the fact that the systems are only separated with a software firewall. Be cautious of this, as firewalls can be breached as a result of both security failures and misconfiguration.<\/p>\n\n\n\n Air gapping a computer is actually pretty simple: Just disconnect it from the network. <\/p>\n\n\n\n Don\u2019t connect it to the internet, and don\u2019t connect it to a local network. Disconnect any physical Ethernet cables and disable the computer\u2019s Wi-Fi and Bluetooth hardware. For maximum security, consider reinstalling the computer\u2019s operating system from trusted installation media and using it entirely offline after that.<\/p>\n\n\n\n Don\u2019t re-connect the computer to a network, even when you need to transfer files. If you need to download some software, for example, use a computer connected to the internet, transfer the software to something like a USB drive, and use that storage device to move the files back and forth. <\/p>\n\n\n\n This ensures that your air-gapped system can\u2019t be compromised by an attacker over the network. It also ensures that, even if there is malware like a keylogger on your air-gapped computer, it can\u2019t communicate any data over the network.<\/p>\n\n\n\n For better security, disable any wireless networking hardware on the air-gapped PC. For example, if you have a desktop PC with a Wi-Fi card, open the PC and remove the Wi-Fi hardware. If you can\u2019t do that, you could at least go to the system\u2019s\u00a0BIOS or UEFI firmware\u00a0and disable the Wi-Fi hardware.<\/p>\n\n\n\n There are three main types of the air gap concepts:<\/p>\n\n\n\n In theory, malware on your air-gapped PC could re-enable the Wi-Fi hardware and connect to a Wi-Fi network if a computer has functioning wireless networking hardware. So, for a nuclear power plant, you really want a computer system that has no wireless networking hardware inside it. At home, just disabling the Wi-Fi hardware may be good enough.<\/p>\n\n\n\n Also, you must bee careful about the software you download and bring to the air-gapped system. If you are constantly transferring data back and forth between an air-gapped system and a non-air-gapped system via a USB drive and both are infected with the same malware, the malware could exfiltrate data from your air-gapped system via the USB drive.<\/p>\n\n\n\n Finally, ensure the air gapped computer is physically secure, too\u2014physical security is all you need to worry about.\u00a0For example, if you have an air-gapped critical system with sensitive business data in an office, it should probably be in a secure area like a locked room rather than in the center of an office where various people are always walking back and forth. <\/p>\n\n\n\n If you have an air-gapped laptop with sensitive data, store it securely so it isn\u2019t stolen or otherwise physically compromised.<\/p>\n\n\n\n Air-gapped computers are often found in environments working with classified information or that control critical infrastructure. Below are examples.<\/p>\n\n\n\n Some systems mentioned above may be\u00a0remotely\u00a0monitored or controlled in a controlled network. However, when remote access is granted to an air-gapped system, it\u2019s considered a \u201cclosed system,\u201d not air-gapped.<\/p>\n\n\n\n Gapped computers are typically located in secure places, such as in a separate server facility with tight security. As a precaution, air-gapped systems have restricted access, so only a few trusted users can access them.<\/p>\n\n\n\n Air gapping protects critical computer systems or data from potential cyber-attacks. The purpose of an air gap is to eliminate any possibility that a threat actor can infiltrate the protected system through an external connection.<\/p>\n\n\n\n Companies also use gapping to create backups for their data. Implementation of an air gap backup can be a challenge though, as it requires a high level of security and planning. However, when managed properly, gapped networks can provide one of the highest levels of security. <\/p>\n\n\n\n Besides, with the help of air gap backups, companies can restore the data even if it was lost or corrupted due to a software glitch, a hardware failure, or a ransomware attack.<\/p>\n\n\n\n Gapping plays an important role in the 3-2-1 backup strategy. This strategy ensures that you will always have access to your data since there will be at least 3 backups. And gapping is usually the preferred method of backing up the data in regard to the 3-2-1 rule.<\/p>\n\n\n\n Note<\/strong>: Although air gapping can defend your data from hackers, this method is not unbreakable. Seeing gaps as a single form of defense can cause significant damage and risks. <\/p>\n\n\n\n One way hackers are beating the air gap is through the use of USB malware. The Stuntex worm incident from 2010 is a good example of how network hardware can cause damage, as that strain of malware was spread to Iranian industrial and nuclear plants via USB drives. The key point in the Stuntex case is that a determined actor infiltrated a secure facility and delivered malware that ultimately found its target despite a gapped network.\u00a0<\/p>\n\n\n\n No. Air gapped computers can still be breached. Granted, it is a lot harder to do when a computer, but methods exist.<\/p>\n\n\n\n The easiest way to breach an air gapped computer is to find a human intermediary to breach the computer. To do this they will need to access the computer themselves and attach a USB device like a flash drive or a Wi-Fi dongle. Think Tom Cruise from Mission Impossible.<\/p>\n\n\n\n That\u2019s the easy way.<\/p>\n\n\n\n Air-gapped computers aren\u2019t immune from threats. People can use USB drives and other removable storage devices to move files between air-gapped computers and networked computers. For example, you might download an application on a networked computer, put it on a USB drive, take it to the air-gapped computer, and install it.<\/p>\n\n\n\n This opens up a vector of attack, and it\u2019s not a theoretical one. The sophisticated Stuxnet worm worked in this way. It was designed to spread by infecting removable drives like USB drives, giving it the ability to cross an \u201cair gap\u201d when people plugged those USB drives into air-gapped computers. It then used other exploits to spread through air-gapped networks, since some air-gapped computers inside organizations are connected to each other but not to larger networks. The worm was designed to target specific industrial software applications.<\/p>\n\n\n\n The Stuxnet worm, allegedly from the USA and Israel, reportedly did a lot of damage to Iran\u2019s nuclear program. However, the countries involved did not publicly confirm these facts. However, what we do know is that Stuxnet was sophisticated malware designed to attack air-gapped systems.<\/p>\n\n\n\n If you want to get a bit more scientific, there are other way channels to extract data from an air gapped computer, they include:<\/p>\n\n\n\n Electromagnetic channels are the oldest attack vectors of the group. These techniques include eavesdropping on EM radiation from the computer\u2019s memory bus and monitoring leakage from USB ports and cables. Because electromagnetic channels have been widely studied, EM shielding has become a fairly common defensive measure.<\/p>\n\n\n\n Recently, acoustic channels have become a popular attack vector. This is due to the proliferation of hackable smartphones that are capable of picking up audio signals that the human ear can\u2019t differentiate from background noise. <\/p>\n\n\n\n The most cutting-edge area involves\u00a0the use of ultrasonic sound waves with higher frequencies\u00a0that are both inaudible and provide greater bandwidth.<\/p>\n\n\n\n Unlike the other categories, thermal hacks are more theoretical than anything at this point. While they have been demonstrated, the bandwidth is low, measuring in the low tens of bits per second over a very short distance. It\u2019s unclear whether this will ever become a practical attack vector.<\/p>\n\n\n\n The most recent channel to be explored, optical transmission is bolstered by the advent and widespread availability of easily-hacked surveillance cameras. The cameras include LEDs on almost every system and can transmit substantial amounts of information.<\/p>\n\n\n\n Extremely challenging. The common theme with all of these attacks is that they require physical proximity. This means being close enough to record Electromagnetic radiation, pick up inaudible sound waves, or rappel down from the ceiling.<\/p>\n\n\n\n Beyond that, most of them are proof-of-concept attacks. That means they\u2019re all:<\/p>\n\n\n\n That last point is especially salient. These exploits were pulled off primarily to raise awareness and not things you are likely to find in practice. On the flip side, most cybercriminals don\u2019t provide proof of concept, so there could be other methods we don\u2019t even know about.<\/p>\n\n\n\n Regardless, the best and most reliable method continues to be social engineering. Doing it the Tom Cruise way.<\/p>\n\n\n\n Yes. For example,\u00a0Stuxnet\u00a0was able to attack and\u00a0infect\u00a0an air-gapped system through a USB (universal serial bus)\u00a0thumb drive\u00a0that was connected to a computer on its network.<\/p>\n\n\n\n If an air-gapped computer also had\u00a0drives,\u00a0USB\u00a0ports,\u00a0Bluetooth, and other\u00a0ports\u00a0disabled, it would be almost impossible for a virus or other\u00a0malware\u00a0to infect the computer. We say \u201calmost\u201d because, as mentioned above, scientists have demonstrated more sophisticated methods of attacking an air gap system using acoustic signaling. They also theorized FM\u00a0(frequency modulation) signals,\u00a0NFC\u00a0(near-field communication), and cellular frequencies. <\/p>\n\n\n\n To prevent these types of attacks, an air-gapped computer would require a Faraday cage to block all forms of wireless communication.<\/p>\n\n\n\n As mentioned, a gapped system is not perfect and has its flaws and vulnerabilities. To enhance your air gap security, keep the following things in mind:<\/p>\n\n\n\nWhat is an Air Gap?<\/strong><\/span><\/h2>\n\n\n\n
How to Air Gap a Computer<\/strong><\/span><\/h2>\n\n\n\n
Types of air gaps<\/strong><\/h2>\n\n\n\n
\n
More on Air Gapping a Computer<\/strong><\/span><\/h2>\n\n\n\n
Where are air-gapped computers used?<\/strong><\/h2>\n\n\n\n
\n
Purpose of air gapping a computer<\/strong><\/h2>\n\n\n\n
The 3-2-1 rule<\/strong><\/h5>\n\n\n\n
Are air gapped computers completely secure?<\/strong><\/h2>\n\n\n\n
Other ways to breach air gapped computers<\/strong><\/h4>\n\n\n\n
Electromagnetic<\/strong><\/h5>\n\n\n\n
Acoustic<\/strong><\/h5>\n\n\n\n
Thermal<\/strong><\/h5>\n\n\n\n
Optical Transmission<\/strong><\/h5>\n\n\n\n
How difficult is it to breach air gapped computers?<\/strong><\/h2>\n\n\n\n
\n
Is it possible for a virus to infect an air-gapped system?<\/strong><\/h2>\n\n\n\n
How to enhance air gap security<\/strong><\/h2>\n\n\n\n
\n
Recommended Articles <\/strong><\/span><\/h2>\n\n\n\n
\n
References<\/strong><\/span><\/h2>\n\n\n\n
\n