Air gap (networking)

From Wikipedia, the free encyclopedia - View original article

Jump to: navigation, search

An air gap or air wall[1] is a security measure often taken for computers and computer networks that must be extraordinarily secure. It consists of ensuring that a secure network is physically isolated from insecure networks, such as the public Internet or an insecure local area network. Frequently the air gap is not completely literal, such as via the use of dedicated cryptographic devices that can tunnel packets over untrusted networks while avoiding packet rate or size variation. Even in this case, there is no ability for computers on opposite sides of the air gap to communicate.

Limitations imposed on devices used in these environments may include a ban on wireless connections to or from the secure network or similar restrictions on EM leakage from the secure network through the use of TEMPEST or a faraday cage. It is most recognizable in the time-honored configuration known as "sneaker-net" where the only connection between two devices or networks is via a human being providing media-switching, i.e.; floppies, CDs, or USB drives. The term derives from the notion that one must put on sneakers and walk to transfer data.

In environments where networks or devices are rated to handle different levels of classified information, the two (dis-)connected devices/networks are referred to as "low side" and "high side", low being unclassified and high referring to classified, or classified at a higher level. This is also occasionally referred to as red or high (classified) and black or low (unclassified). To move data from the high side to the low side, it is necessary to write data to a physical medium, and move it to a device on the latter network. Traditionally based on the Bell-La Padula Confidentiality Model, data can move low-to-high with minimal processes while high-to-low requires much more stringent procedures to ensure protection of the data at a higher level of classification.

The concept represents nearly the maximum protection one network can have from another (save turning the device off). It is not possible for packets or datagrams to "leap" across the air gap from one network to another, but software such as Stuxnet has been known to bridge the gap by exploiting security holes related to the handling of removable media.

The upside to this is that such a network can generally be regarded as a closed system (in terms of information, signals, and emissions security) unable to be accessed from the outside world. The downside is that transferring information (from the outside world) to be analyzed by computers on the secure network is extraordinarily labor intensive, often involving human security analysis of prospective programs or data to be entered onto air-gapped networks and possibly even human manual re-entry of the data following security analysis.[2]

Examples of the types of networks or systems that may be air gapped include:


  1. ^ Wiktionary: Airwall, retrieved on 2010-05-13
  2. ^ Lemos, Robert (2001-02-01). "NSA attempting to design crack-proof computer". ZDNet News. CBS Interactive, Inc.. Retrieved 2012-10-12. "For example, top-secret data might be kept on a different computer than data classified merely as sensitive material. Sometimes, for a worker to access information, up to six different computers can be on a single desk. That type of security is called, in typical intelligence community jargon, an air gap." 
  3. ^ Rist, Oliver (2006-05-29). "Hack Tales: Air-gap networking for the price of a pair of sneakers". Infoworld. IDG Network. Retrieved 2009-01-16. "In high-security situations, various forms of data often must be kept off production networks, due to possible contamination from nonsecure resources — such as, say, the Internet. So IT admins must build enclosed systems to house that data — stand-alone servers, for example, or small networks of servers that aren't connected to anything but one another. There's nothing but air between these and other networks, hence the term air gap, and transferring data between them is done the old-fashioned way: moving disks back and forth by hand, via 'sneakernet'." 
  4. ^ Zetter, Kim (2008-01-04). "FAA: Boeing's New 787 May Be Vulnerable to Hacker Attack". Wired Magazine. Condénet, Inc.. Archived from the original on 23 December 2008. Retrieved 2009-01-16. "(...Boeing...) wouldn't go into detail about how ( is tackling the issue but says it is employing a combination of solutions that involves some physical separation of the networks, known as air gaps, and software firewalls." 
  5. ^ Ligon, Jan (2012-07-17). "How to get malware as Flamer to one-way?". First electronic magazine about The Czech Internet. Retrieved 2012-07-17. "IT security can use independent HW equipment like DataDiode or AirGap for secure transport or exchange data in a rule of security countermeasures against malware as for ex. virus type Flamer (Flame (malware)) is. Security HW AirGap 02 even for bidirectional secure information exchange between isolated information systems with different security levels. Such security HW implementation would be a serious problem for similar backdoor or spyware when will try to find the way out for stolen information."