Web Gateways,
Redefined.

Designed for Distributed. Built for the Cloud.
Delivered as a Service.

Blog

Enhanced air gapping for cybersecurity

Is there still a path to air-gapping nirvana?

‘Time was you could disconnect a computer from all networks and, voila, you were well on your way to air-gapping for information security. Sadly, yesterday’s air-gap security model is today’s vulnerability. Size up the latest attacks on air-gapped computers and the means to mitigate them and put your mind at ease.

Attacks on air-gapped machines

Various experiments and high-profile attack tools have proven you can retrieve data from an air-gapped computer by means other than a network connection. There are, for example, hacks that count on malware infection when unsuspecting technicians unwittingly service or add files to air-gapped machines using stealthily-infected thumb drives. Crackers who then infect smartphones nearby could use them to receive the data the air-gapped machine sends.

Using one method, the malware on the air-gapped computer manipulates the CPU's IPS and core load to alter the magnetic field the processor naturally emits. Crackers could use the "low-level magnetic frequencies" to send signals, then "piggyback" the signals with the computer's data to send it to a receiver. A different piece of malware uses a smartphone’s magnetometer as the receiver to capture the signals and the exfiltrated data.

High profile attack tools and methods people use on air-gaps in the field include Brutal Kangaroo and Stuxnet, which also rely on thumb drives.

Best practices in air-gapping for cybersecurity

There are several best practices to make sure air-gapping works. Use thorough anti-malware scans on all media and devices you use to upgrade or update data on the air-gapped machine before each use. Make sure the security software can detect the kinds of attacks that concern you.

Use cryptographic hashes to ensure that no one has altered the software updates before you apply them. Employ an OS built on a platform that is immune to most air-gap malware attacks. If, for example, you are concerned about attacks that affect Windows machines, try using Linux or another OS. The less popular the OS, the less it is likely that an elite coder will write malware that works on that OS.

Use the most robust encryption you can afford to keep the data on the air-gapped machine garbled even if someone does manage to snatch it. Seal off all connection ports such as Ethernet and USB. There are home-grown and commercial solutions to lock down these ports and prevent access. You can disable these ports and the associated adapters in the OS, as well.

Make sure to disable all wireless communications on the machine. Don’t permit any additional devices near the air-gapped computer or the room where you keep it.

Marketplace solutions

Some services specialize in penetration testing air-gapped machines. Consider the value of the data, your confidence in your air-gapping approach, and whether you could benefit from such a service. Investigate services accordingly.

Layered protection

Air-gaps are another excellent example of how layered security wins the day.

To learn more about how to install a layered defense approach, read "Defense-in-depth and the Distributed Gateway Platform"

 

David D. Geer (https://www.linkedin.com/in/daviddgeer/) writes about cybersecurity and technology for national and international publication. David’s work appears in various trade magazines from IDG in the U.S. and around the world in several languages. ScientificAmerican, The Economist Technology Quarterly, and many magazines and companies have used David’s content. David’s Google Scholar Page is at https://scholar.google.com/citations?user=ZkKA3fsAAAAJ&hl=en.

 

Topics: