What is Air-Gapped Security?

April 6, 2018 by Lighthouse IT Solutions, Matthew Almendinger

Now this is some seriously sci-fi stuff... But we can start at the beginning.

There was a time, not too long ago, when there was a sure, fool-proof way to secure your servers, computers and even entire networks. A way that would mean the end of worrying about nasty hackers. As old as time, the method is called Air-Gapped Security: you keep a gap of air between the system and the rest of the network. When I refer to 'air', I mean that nothing connects the machine to the world. There is no direct network connection from the internet or a large network to this machine. This is a terrific way to isolate a network, or a device on your network, that needs to be very secure. (Backups of important documents or codes are a fitting example of this, and the stock market, the military/government and many industrial powers use air-gapping as a result.)

Like most things, though, this comes with limitations, and when I say limitations I mean serious weak points, but that is the reality with basically all security methods. There are several ways to bridge an air-gap, including radio-frequency, thermal, magnetic, seismic, light, and acoustic channels. This can all be done through malware on a device connected to a network. This video outlines the acoustic method, where the computer transmits data via the sound generated by its hard drive writes. A device like a phone can listen for this and translate it into a copy of what the drive is recording. https://www.youtube.com/watch?v=H7lQXmSLiP8

This is the same experiment, but with a Faraday cage around the receiver, which blocks all signal to the phone. It uses magnetic fields instead of acoustics or anything traveling through frequencies. https://www.youtube.com/watch?v=yz8E5n1Tzlo

Some methods of bridging the gap:

  • Using covert acoustical mesh networks, an attacker with microphones and speakers can transmit data over a distance of roughly 65 ft.
  • An FM receiver can be used by a hacker to tune into the FM signals that a graphics card makes while working to display an image on a screen. This can be used to reconstruct the screen for spying purposes.
  • A light attack can be done by someone shining a light into a room with an air-gapped device that is connected to a multi-function printer/scanner (MFP). This light could receive and send attacks from the MFP while a scan is in progress.

The biggest problem with air-gapped security, though, is simply human accountability. Taking out the weakest link in the chain of security usually means removing the human element. Very trustworthy employees are hard to come by, and vetting out anyone who could have malicious intent is difficult. Anyone could do well for themselves simply by plugging a flash drive into one of your machines. Most people would be hard to trust under the wrong circumstances. But even if they do not have the key to your super-secure server rack you paid a bunch for, the fact is they could still get hold of your data. They could just place a device next to a server and wait for it to capture enough audio from the mechanical drives writing away, sense the magnetic field differences being made, or use any of the many other methods to bridge the air-gap.

If you are concerned with the threat of your air-gapped devices being compromised, we suggest you do some of the following to minimize the likelihood of you losing any data to someone with malicious intent:

  • Replace hard-disk drives (HDDs) with solid-state drives (SSDs)
  • Properly shield all cables connected to the machine(s)
  • Make sure the machine(s) are properly stored either in a safeguarded room or offsite
  • Encrypt your data
  • Block unused USB ports with a Port Lock
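As an added example (not part of the original article and not Lighthouse's own tooling), the Python script below audits a Linux host against three items from the list above: spinning drives, unencrypted disks, and usable USB storage. It assumes Linux sysfs and treats "encrypted" as an unlocked dm-crypt/LUKS mapping, so self-encrypting drives are not detected; the function names are hypothetical.

```python
import os

def _read(path):
    """Return the stripped contents of a sysfs attribute, or '' if absent."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return ""

def _encrypted(sys_root, dev_dir):
    """True if the disk or one of its partitions sits under a dm-crypt mapping."""
    nodes = [dev_dir] + [os.path.join(dev_dir, p) for p in sorted(os.listdir(dev_dir))
                         if os.path.exists(os.path.join(dev_dir, p, "partition"))]
    for node in nodes:
        holders = os.path.join(node, "holders")
        for h in (os.listdir(holders) if os.path.isdir(holders) else []):
            # cryptsetup gives its device-mapper targets a UUID starting "CRYPT-"
            uuid = _read(os.path.join(sys_root, "block", h, "dm", "uuid"))
            if uuid.startswith("CRYPT-"):
                return True
    return False

def audit(sys_root="/sys"):
    """Return (device, finding) pairs, block devices in name order."""
    findings = []
    block = os.path.join(sys_root, "block")
    for dev in sorted(os.listdir(block)):
        if dev.startswith(("loop", "ram", "zram", "dm-")):
            continue  # virtual devices, not physical media
        d = os.path.join(block, dev)
        if _read(os.path.join(d, "queue", "rotational")) == "1":
            findings.append((dev, "rotational drive (HDD): replace with SSD"))
        if _read(os.path.join(d, "removable")) == "1":
            findings.append((dev, "removable media attached"))
        elif not _encrypted(sys_root, d):
            findings.append((dev, "no dm-crypt mapping found"))
    # The driver directory exists only while the usb-storage driver is loaded.
    if os.path.isdir(os.path.join(sys_root, "bus", "usb", "drivers", "usb-storage")):
        findings.append(("usb", "usb-storage driver loaded"))
    return findings

if __name__ == "__main__":
    for dev, finding in audit():
        print(f"{dev}: {finding}")
```

An empty result means none of the three checks fired; it says nothing about cable shielding or physical storage, which have to be inspected in person.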

If you still feel worried, then give us a call!

We are great at keeping networks secure and we even offer a FREE network risk assessment.
