More on Air Gaps

17 Mar

While Air-Gaps are a good conceptual solution, in practice beyond Schneier’s single PC example, they are very hard to achieve. There is nearly always a backdoor to be found somewhere that an attacker can exploit.

Opinion is divided, as can be seen of various discussions about air-gaps, as to how to solve the issue if you do need true network separation. A report attributed to NIST suggests that when they investigated industrial control systems that claimed to be air-gapped, they in fact found on average 7 connections.

My perspective is the various backdoors are typically there because someone or some process needed access for some ad-hoc purpose. Often remote maintenance.

The issue occurs because the person or process has a need, the front door is shut, so they implement a backdoor. So I argue it makes better sense to have a controlled front door, in which legitimate access can be granted to a specific business process on an as-needs basis. If the security assurance of the perceived air-gap is needed, another option to consider is a data diode to ensure data only flows one way.

Subsequently, articles such as “Air gaps: Happy gas for infosec or a noble but inert idea?” show how even effective front door air gaps can be bypassed by side channel attacks. But I note that for these to succeed, you first need to infect the air-gapped machine (or be in close proximity) i.e., once the system is broken, it can be exploited. This only goes to confirm that an air-gap does not remove the need for good cyber-hygiene on the air-gapped system.

This does not mean air-gaps are ineffective, it just means that a suitably well motivated and resource adversary can defeat your defences. There are no perfect solutions, the critical thing is to know what you are protecting, who you are protecting it from and have a way of assessing residual risks. In this context air-gaps can be an effective defence, as can data diodes.

(The first half of this post originally appeared as comments to a blog article by Rob Ellison)

One Response to “More on Air Gaps”

  1. Ronald Duncan April 12, 2016 at 19:46 #

    Air gaps are cheap and easy to implement provided you do not need to connect to external networks.

    Our old method was to remove the coms ports from the motherboard soldering iron, and store the hard drive in a safe when the isolated PC was not attended, and rekey any data required, or have a secure way of transferring data from a physical medium to the pc. The problem is that floppy disks, USB key fobs etc etc have a habit of getting infected.

    Fiber optic network and 3 meter air gaps between networks works well if you have to network a group of PC’s together, with a dedicated PC for transferring data between networks e.g. back up email from one network transfer validate and then load onto the other network to get over the airgap. Data diodes and message pumps now make this easier, but you need to log and validate all cross traffic.

    Unless you are working on military projects this is all over the top, but the problem was solved decades ago when we had serious adversaries in the form of the USSR etc.

    Like

Please join the discussion, we welcome your views...

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: