An air-gapped network (or system) is isolated from all other networks. This essentially means that the system or the network is physically not connected to any outside network, whether it is the internet or a local area network. The term “air-gapped” is derived from plumbing and refers to the air gap used to maintain water quality.
Coming back to computer networks, air-gapped networks are primarily seen in high-security environments like military and government networks, intelligence systems, nuclear power plants, or avionics. The key motivation behind installing air-gapped networks is the sense of security it provides to the enterprise.
How do air-gapped networks work?
Since air-gapped networks have no network interfaces connected to outside systems, they theoretically have no wired or wireless connection to the outside world. Their wireless controllers are disabled, which renders the entire network a “closed system”. The only way for data to enter or exit this kind of network is through physical media such as USB drives or CD-ROMs.
Air-gapped networks are generally used to isolate critical infrastructure from the corporate network so that such crucial information is not compromised. These assets are integral to the organization and could cause irrevocable damage if lost. That’s why security administrators prefer to contain such information in air-gapped networks that have no connection with the overall corporate network.
Yet, air-gapped networks may also provide a false sense of security. There is an inherent assumption that, since air-gapped networks do not have any access point, they are completely secure and hence do not need to be examined or assessed from a security standpoint. Unfortunately, that kind of perspective often leads to security problems.
Are they truly secure?
Firstly, air-gapped networks can still be accessed through physical storage devices. As we have observed, USB devices are commonly used to propagate various types of malware. They can be used for a range of malicious activities such as data exfiltration, installation of malware & keylogging devices, etc.
The biggest example of this kind of malicious activity was the Stuxnet worm. Discovered in 2010, it caused substantial damage to Iran’s nuclear program, causing centrifuges to tear apart. The worm was introduced to the environment through infected USB drives, a stark reminder that air-gapped networks can be compromised with great effect.
Secondly, even though air-gapped networks are separated from the outside world, they aren’t separated from another key cybersecurity threat: human beings themselves. Social engineering remains a key threat factor and, in this type of situation, the risks are magnified. Insider threats like rogue employees can still be used to access the air-gapped network. Employees with access to specific air-gapped networks might find their removable storage media infected with malware which, when inserted into an air-gapped system, could go on to infect the system and the network.
Isolation does not guarantee security!
Ultimately, as technology advances, there is no guarantee that mere isolation from an outside network will keep an air-gapped system safe. There have been instances where data exfiltration has happened through other methods also, such as unknown backdoors introduced into software/hardware, FM frequency signals, thermal hacking, or through Near-Field Communication (NFC).
The takeaway is that air-gapped networks cannot be assumed to be secure solely on the basis of their isolation. Enterprise networks must also implement cybersecurity measures for these networks with an added emphasis on access controls and removable storage. Organizations can consider Seqrite’s range of network & server security solutions to bolster their air-gapped systems.
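One concrete control for the removable-storage point above is to audit which USB mass-storage devices are actually attached to an air-gapped host against an allowlist of approved, serial-numbered transfer media. The script below is an added example, not code from the original post or from Seqrite: it parses kernel log lines in the format the Linux USB core and usb-storage driver print on device attach, collects vendor ID, product ID and serial number per port, and flags any mass-storage device whose (vendor, product, serial) triple is not approved. The log lines, vendor/product IDs, serial numbers, host name and allowlist are all constructed for the example. A device that reports no serial number at all is deliberately treated as unapproved, since it cannot be matched to an issued drive.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample kernel messages (not captured from a real system), in the
# shape the Linux usb core and usb-storage driver emit on device attach.
SAMPLE_LOG = """\
Mar 03 09:12:01 airgap-ws1 kernel: usb 1-2: new high-speed USB device number 5 using xhci_hcd
Mar 03 09:12:01 airgap-ws1 kernel: usb 1-2: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
Mar 03 09:12:01 airgap-ws1 kernel: usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Mar 03 09:12:01 airgap-ws1 kernel: usb 1-2: SerialNumber: APPROVED-0001
Mar 03 09:12:01 airgap-ws1 kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
Mar 03 09:40:17 airgap-ws1 kernel: usb 1-3: new high-speed USB device number 6 using xhci_hcd
Mar 03 09:40:17 airgap-ws1 kernel: usb 1-3: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
Mar 03 09:40:17 airgap-ws1 kernel: usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Mar 03 09:40:17 airgap-ws1 kernel: usb 1-3: SerialNumber: UNKNOWN-9999
Mar 03 09:40:17 airgap-ws1 kernel: usb-storage 1-3:1.0: USB Mass Storage device detected
Mar 03 10:05:44 airgap-ws1 kernel: usb 1-4: new low-speed USB device number 7 using xhci_hcd
Mar 03 10:05:44 airgap-ws1 kernel: usb 1-4: New USB device found, idVendor=1a2b, idProduct=0100, bcdDevice= 1.00
Mar 03 10:05:44 airgap-ws1 kernel: usb 1-4: Product: Generic USB Mouse
Mar 03 11:22:09 airgap-ws1 kernel: usb 1-5: new high-speed USB device number 8 using xhci_hcd
Mar 03 11:22:09 airgap-ws1 kernel: usb 1-5: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
Mar 03 11:22:09 airgap-ws1 kernel: usb-storage 1-5:1.0: USB Mass Storage device detected
"""

# Constructed allowlist of issued transfer media: (idVendor, idProduct, serial).
APPROVED_MEDIA: Set[Tuple[str, str, str]] = {("0951", "1666", "APPROVED-0001")}


@dataclass
class UsbDevice:
    port: str                      # bus-port path such as "1-2"
    vendor: str                    # idVendor, four hex digits
    product: str                   # idProduct, four hex digits
    serial: Optional[str] = None   # None if the device never reported one
    mass_storage: bool = False     # True once usb-storage claims the device


# "SerialNumber: X" is the device's actual serial string; the earlier
# "New USB device strings: ... SerialNumber=3" line is only a descriptor
# index and must not be mistaken for it, hence the literal ": " below.
FOUND_RE = re.compile(r"usb (?P<port>[\d.-]+): New USB device found, "
                      r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
SERIAL_RE = re.compile(r"usb (?P<port>[\d.-]+): SerialNumber: (?P<serial>\S+)")
STORAGE_RE = re.compile(r"usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected")


def parse_usb_events(log: str) -> List[UsbDevice]:
    """Return one UsbDevice per 'New USB device found' event, in log order."""
    by_port: Dict[str, UsbDevice] = {}
    devices: List[UsbDevice] = []
    for line in log.splitlines():
        m = FOUND_RE.search(line)
        if m:
            # A new attach on a port starts a fresh record (re-plugged drive).
            dev = UsbDevice(m["port"], m["vid"], m["pid"])
            by_port[m["port"]] = dev
            devices.append(dev)
            continue
        m = SERIAL_RE.search(line)
        if m and m["port"] in by_port:
            by_port[m["port"]].serial = m["serial"]
            continue
        m = STORAGE_RE.search(line)
        if m and m["port"] in by_port:
            by_port[m["port"]].mass_storage = True
    return devices


def find_unapproved_storage(log: str, allowlist: Set[Tuple[str, str, str]]) -> List[UsbDevice]:
    """Mass-storage devices not on the allowlist; a missing serial never matches."""
    return [d for d in parse_usb_events(log)
            if d.mass_storage and (d.vendor, d.product, d.serial) not in allowlist]


if __name__ == "__main__":
    for dev in find_unapproved_storage(SAMPLE_LOG, APPROVED_MEDIA):
        print(f"UNAPPROVED mass storage on port {dev.port}: "
              f"{dev.vendor}:{dev.product} serial={dev.serial}")
```

On a real host the same function would be fed the output of `journalctl -k` or `dmesg`; keying the allowlist on the serial string rather than only vendor and product is what stops an off-the-shelf drive of the same model from passing as an issued one.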