A-Z Popular New Security Search »
Information Security
 
Confidential Information

Cybersecurity Risk

Network Security

Personal Data

10 Examples of an Air Gap

 , updated on
An air gap is a computer network that is designed such that it can't physically connect to other networks such as the internet. This is a basic type of information security for military systems, medical devices, secure facilities such as prisons and critical infrastructure such as nuclear power. Air gaps are also commonly used to reduce information security risks and costs with a back-to-basics approach to protecting systems and information. The following are illustrative examples of an air gap.

Standalone System

An air gap can be implemented as a standalone system with no networking capabilities whatsoever. For example, a medical device that contains a microcontroller but has no interface to connect to the outside world.

Offline Storage

Data storage devices that are only connected to computers that are offline. For example, a professional musician with a vault of unreleased material that is stored on encrypted data storage devices in a recording studio. Such devices are only connected to musical instruments and computing devices that have no connection to the internet or outside networks.

Stand-alone Network

A network that connects local devices without any physical way to connect to the internet or unsecured networks. For example, the human resources team of a small regional bank want to restrict confidential employee data to three machines that have no outside network connection. The three machines are networked together and attached to various data storage devices. The machines in the network and attached devices have no wireless networking capabilities and are not connected by wire to the internet or the office's local area network.

Large Networks

An air gap network isn't necessarily contained to one site and can be geographically distributed at a global, regional, city or campus scale. For example, a globally distributed control system for a pipeline that is completely isolated from unsecured networks. Large air gap networks are often challenging to physically secure. For example, wireless or wired communications running great distances may be intercepted or manipulated.

Physical Security

A hydroelectric dam maintains control systems that aren't networked to the outside world. These systems are physically secured in a management office that can only be accessed by authorized individuals with a variety of security measures in place such as an access control system and security system.

Segregation Of Duties

A hedge fund is developing financial trading algorithms in a small room with no network connections out and advanced physical security measures such as a mantrap. They often use segregation of duties to ensure that no one person can remove or bring in data to the room. For example, any updates to the system involve multiple trusted people that have different roles such that no single person could install a malicious file.

Signal Blocking

A nuclear power station is completely unconnected to any networks. Efforts are made to block wireless networking signals in sensitive areas of the facility.

Hardware Validation

Modern hardware may contain networking capabilities that is not well documented. This may be done to implement functionality such as remote support or software updates. Alternatively, networking capabilities may be built into things for malicious purposes. As such, implementing a secure air gap network requires carefully reviewing any hardware that comes into contact with the system including external storage devices and peripherals such as a keyboard.

Updates

Air gap networks can only be updated by connecting outside data storage devices. This is a high risk operation and is a common way for air gapped systems to be compromised. Updates to air gap networks require a secure end-to-end procedure that includes a chain of trust for the files you are using and segregation of duties that ensure no single person can add malicious files. The security of updates are also completely reliant on the integrity of the data storage hardware used.

Backups

Air gap networks are commonly backed up locally on the air gap network itself. Implementation of secure offsite backups requires a process with all the same elements as an update process including hardware validation, chain of trust and segregation of duties. Physical security for data leaving a facility is also an important consideration.
Overview: Air Gap
Type
Definition
A computer network that is designed such that it can't physically connect to outside networks or unsecured local networks.
Related Concepts

Networking

This is the complete list of articles we have written about networking.
Architecture
Campus Network
CDN
Client-Server
Endpoints
Extranet
Internet Backbone
Internet Of Things
Intranet
Last Mile
Microtrenching
Network Security
Peer-to-peer
Personal Branding
Pervasive Networks
Point Of Presence
Private Network
Proxy Server
Public Network
Reverse Proxy
Space Network
Tarpit
Telecom
More ...
If you enjoyed this page, please consider bookmarking Simplicable.
 

Network Security

An extensive list of network security techniques.

Christmas Tree Packet

An overview of Christmas tree packets.

Honeypot

A definition of honeypot with examples.

Overlay Network

Building networks on top of networks for security and privacy.

Proxy Server

A definition of proxy server with common examples.

Network Perimeter

A definition of network perimeter with examples.

Information Security

A list of information security considerations.

Technology Risk Management

A reasonably comprehensive overview of technology risk management.

Root Access

A complete guide to root access.

Not Applicable

The definition of not applicable or N/A with examples.

Patch Management

An overview of patch management with examples.

Offline Software

The definition of offline software with examples.

Personal Data Types

A list of the common types of personal data.

Digital Preservation

The definition of digital preservation with examples.

IT Gaps

An overview of IT gaps with examples.

IT Modernization

An overview of IT modernization with examples.

Cybersecurity Risk

An overview of cybersecurity risk at the organizational level.

IoT Security

The unique problem of security the internet of things.
The most popular articles on Simplicable in the past day.

New Articles

Recent posts or updates on Simplicable.
Site Map