Air gap (networking)
Encyclopedia
An air gap or air wall is a security measure often taken for computers and computer networks that must be extraordinarily secure. It consists of ensuring that a secure network is completely physically, electrically, and electromagnetically isolated from insecure networks, such as the public Internet or an insecure local area network. Limitations imposed on devices used in these environments may include a ban on wireless connections to or from the secure network or similar restrictions on EM
leakage from the secure network through the use of TEMPEST
or a faraday cage
. It is most recognizable in the time-honored configuration known as "sneaker-net
" where the only connection between two devices or networks is via a human being providing media-switching, i.e.; floppies, CDs, or USB drives. The term derives from the notion that one must put on sneakers and walk to transfer data.
In environments where networks or devices are rated to handle different levels of classified information
, the two (dis-)connected devices/networks are referred to as "low side" and "high side", low being unclassified and high referring to classified, or classified at a higher level. This is also occasionally referred to as red or high (classified) and black or low (unclassified). To move data from the high side to the low side, it is necessary to write data to a physical medium, and move it
to a device on the latter network. Traditionally based on the Bell-La Padula Confidentiality Model, data can move low-to-high with minimal processes while high-to-low requires much more stringent procedures to ensure protection of the data at a higher level of classification.
The concept represents the maximum protection one network can have from another (save turning the device off). It is not possible for packets or datagram
s to "leap" across the air gap from one network to another.
The upside to this is that such a network can generally be regarded as a closed system (in terms of information, signals, and emissions security) unable to be accessed from the outside world. The downside is that transferring information (from the outside world) to be analyzed by computers on the secure network is extraordinarily labor intensive, often involving human security analysis of prospective programs or data to be entered onto air-gapped networks and possibly even human manual re-entry of the data following security analysis.
Examples of the types of networks or systems that may be air gapped include:
Electromagnetic radiation
Electromagnetic radiation is a form of energy that exhibits wave-like behavior as it travels through space...
leakage from the secure network through the use of TEMPEST
TEMPEST
TEMPEST is a codename referring to investigations and studies of compromising emission . Compromising emanations are defined as unintentional intelligence-bearing signals which, if intercepted and analyzed, may disclose the information transmitted, received, handled, or otherwise processed by any...
or a faraday cage
Faraday cage
A Faraday cage or Faraday shield is an enclosure formed by conducting material or by a mesh of such material. Such an enclosure blocks out external static and non-static electric fields...
. It is most recognizable in the time-honored configuration known as "sneaker-net
Sneakernet
Sneakernet is an informal term describing the transfer of electronic information, especially computer files, by physically couriering removable media such as magnetic tape, floppy disks, compact discs, USB flash drives, or external hard drives from one computer to another. This is usually in lieu...
" where the only connection between two devices or networks is via a human being providing media-switching, i.e.; floppies, CDs, or USB drives. The term derives from the notion that one must put on sneakers and walk to transfer data.
In environments where networks or devices are rated to handle different levels of classified information
Classified information
Classified information is sensitive information to which access is restricted by law or regulation to particular groups of persons. A formal security clearance is required to handle classified documents or access classified data. The clearance process requires a satisfactory background investigation...
, the two (dis-)connected devices/networks are referred to as "low side" and "high side", low being unclassified and high referring to classified, or classified at a higher level. This is also occasionally referred to as red or high (classified) and black or low (unclassified). To move data from the high side to the low side, it is necessary to write data to a physical medium, and move it
Sneakernet
Sneakernet is an informal term describing the transfer of electronic information, especially computer files, by physically couriering removable media such as magnetic tape, floppy disks, compact discs, USB flash drives, or external hard drives from one computer to another. This is usually in lieu...
to a device on the latter network. Traditionally based on the Bell-La Padula Confidentiality Model, data can move low-to-high with minimal processes while high-to-low requires much more stringent procedures to ensure protection of the data at a higher level of classification.
The concept represents the maximum protection one network can have from another (save turning the device off). It is not possible for packets or datagram
Datagram
A datagram is a basic transfer unit associated with a packet-switched network in which the delivery, arrival time, and order are not guaranteed....
s to "leap" across the air gap from one network to another.
The upside to this is that such a network can generally be regarded as a closed system (in terms of information, signals, and emissions security) unable to be accessed from the outside world. The downside is that transferring information (from the outside world) to be analyzed by computers on the secure network is extraordinarily labor intensive, often involving human security analysis of prospective programs or data to be entered onto air-gapped networks and possibly even human manual re-entry of the data following security analysis.
Examples of the types of networks or systems that may be air gapped include:
- Military/governmental computer networks/systems
- Life-critical systemLife-critical systemA life-critical system or safety-critical system is a system whose failure ormalfunction may result in:* death or serious injury to people, or* loss or severe damage to equipment or* environmental harm....
s, such as:- Controls of nuclear power plants;
- Computers used in aviationAviationAviation is the design, development, production, operation, and use of aircraft, especially heavier-than-air aircraft. Aviation is derived from avis, the Latin word for bird.-History:...
, such as FADECFADECFull Authority Digital Engine Control is a system consisting of a digital computer, called an electronic engine controller or engine control unit , and its related accessories that control all aspects of aircraft engine performance...
s and avionicsAvionicsAvionics are electronic systems used on aircraft, artificial satellites and spacecraft.Avionic systems include communications, navigation, the display and management of multiple systems and the hundreds of systems that are fitted to aircraft to meet individual roles...
; - Computerized medical equipment.
- Very simple systems, where there is no need to compromise security in the first place, such as:
- The engine control unitEngine control unitAn engine control unit is a type of electronic control unit that determines the amount of fuel, ignition timing and other parameters an internal combustion engine needs to keep running...
in an automobileAutomobileAn automobile, autocar, motor car or car is a wheeled motor vehicle used for transporting passengers, which also carries its own engine or motor...
; - A digital thermostatThermostatA thermostat is the component of a control system which regulates the temperature of a system so that the system's temperature is maintained near a desired setpoint temperature. The thermostat does this by switching heating or cooling devices on or off, or regulating the flow of a heat transfer...
for temperature and compressor regulation in home HVAC and refrigeration systems. - Electronic sprinklerIrrigation sprinklerIrrigation sprinklers are sprinklers used on farms, golf courses, and yards, to provide water to vegetation and plants in the event of drought. They may also be used for recreation, as a cooling system, or to keep down the amount of airborne dust....
controls for watering of lawns.
- The engine control unit