Air Gap Computer Network Security
An air gap or air wall is a computer network security measure. Rather than having all your computers connected to a single local network by network cables and/or wireless connections, one or more computers are kept offline, not connected to the local network or the internet. The secure air gap computer network is physically isolated from the other computers that are connected to the internet.
In the event that the vulnerable online network, connected to the public internet, becomes infected with a computer virus or malware, or is the victim of a hacker attack, spying, data breach or data intrusion, the isolated computers on the secure air gap network are not affected. They are not able to directly communicate with computers on the infected online network.
You may choose to keep confidential records, such as financial, tax, health, personal, proprietary and legal files, only on the secure network, which has no internet connection. It is offline and cannot communicate with the outside world.
The online network that is connected to the internet may be used for email, connecting to web sites for banking and online shopping, web browsing, and other internet applications such as training, webinars, voice communications (VoIP), streaming videos, music, photos, etc.
If any confidential files are downloaded from the internet, they can be encrypted and stored on removable media, such as a CD, USB flash drive or micro SD memory card for portability. Anti-virus and anti-malware software must be used to scan and detect any virus or malware on the online system and the removable media. If the removable media is scanned and is free from virus and malware, the removable media may be used to physically carry (aka sneakernet) the files to the secure system for loading and storage.
The secure air gap system must also use anti-virus and anti-malware software and security procedures to prevent and detect infection or data corruption problems. Removable media with a write-protect feature, or write once read many (WORM) media, such as a CD or DVD, will prevent data from the secure system from being written onto the removable media.
Once the confidential file is saved and verified on the secure air gap system, the other copies on the online system and the removable media should be erased with a secure delete tool, not simply deleted. Inexpensive media, like a CD, may be destroyed after one-time use.
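The "saved and verified" step of the transfer procedure above can be made concrete with a hash manifest. This is an added example, not part of the original post. The function names and file names are hypothetical, and it assumes the manifest reaches the secure system separately from the media (for example, written down or on a second write-once disc), so that a tampered disc cannot also carry a tampered manifest.

```python
import hashlib
import os

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large archives do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def list_files(root):
    """Relative paths of every file under root, '/'-separated and sorted."""
    found = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            found.append(rel.replace(os.sep, "/"))
    return sorted(found)

def build_manifest(root):
    """Online side: record path -> SHA-256 for each file staged on the media."""
    return {rel: sha256_file(os.path.join(root, rel)) for rel in list_files(root)}

def verify_media(root, manifest):
    """Secure side: classify what is on the media against the manifest."""
    present = set(list_files(root))
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel in sorted(manifest):
        if rel not in present:
            report["missing"].append(rel)
        elif sha256_file(os.path.join(root, rel)) != manifest[rel]:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    # Files nobody staged (for example an autorun file) are a red flag.
    report["unexpected"] = sorted(present - set(manifest))
    return report

def safe_to_import(report):
    """Import only when every staged file matches and nothing extra appeared."""
    return bool(report["ok"]) and not (
        report["modified"] or report["missing"] or report["unexpected"])

if __name__ == "__main__":
    import sys
    # Prints "digest  path" for the given mount point (default: current dir).
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, digest in build_manifest(root).items():
        print(digest, rel)
```

A matching hash only shows that the file arrived unchanged. It does not replace the anti-virus scan on either side.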
With two separate systems, both will not be infected or damaged at the same time unless the infection is transmitted by cross-contamination, that is, by using infected removable media on the secure air gap system. The isolation process is similar to a hospital keeping infected patients in a quarantined zone to prevent spreading an infectious disease to other patients.
For best protection, in addition to an air gap, there must be a radio gap and an audio gap. The separated computer systems must not be able to communicate by sending high-frequency audio signals using the computer microphone and speakers. The microphone and speakers should be turned off or removed. High frequencies, above 20,000 Hertz, might not be heard by humans but could be heard by computer microphones.
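To audit a recording made in the secure area for the kind of inaudible signal described above, the share of energy above 20,000 Hertz can be measured. This is an added example, not part of the original post. The function names, the 1% threshold and the two test frames are assumptions constructed for illustration, and a real threshold has to be tuned to the room's background noise.

```python
import math

def goertzel_power(samples, k):
    """|X[k]|^2 for DFT bin k of `samples`, via the Goertzel recurrence."""
    n = len(samples)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def band_energy_fraction(samples, sample_rate, lo_hz=20000.0):
    """Fraction of the frame's energy in DFT bins from lo_hz up to Nyquist."""
    n = len(samples)
    total = sum(x * x for x in samples) / n      # mean square of the frame
    if total == 0.0:
        return 0.0
    first = math.ceil(lo_hz * n / sample_rate)
    # One-sided spectrum: each bin below Nyquist carries 2*|X[k]|^2 / n^2.
    band = sum(2.0 * goertzel_power(samples, k) / (n * n)
               for k in range(first, n // 2))
    return band / total

def flag_frame(samples, sample_rate, threshold=0.01):
    """True when energy above 20 kHz exceeds the (assumed) threshold."""
    return band_energy_fraction(samples, sample_rate) > threshold

def tone(freq, amp, n, sample_rate):
    """Constructed test signal: a sine of the given frequency and amplitude."""
    return [amp * math.sin(2.0 * math.pi * freq * i / sample_rate)
            for i in range(n)]

# Constructed frames: 20 ms sampled at 48 kHz.
RATE, N = 48000, 960
AUDIBLE_ONLY = tone(1000, 0.5, N, RATE)
WITH_21KHZ = [a + b for a, b in zip(AUDIBLE_ONLY, tone(21000, 0.1, N, RATE))]

if __name__ == "__main__":
    for name, frame in (("audible only", AUDIBLE_ONLY),
                        ("with 21 kHz tone", WITH_21KHZ)):
        print(name, round(band_energy_fraction(frame, RATE), 4),
              flag_frame(frame, RATE))
```

The recording device must sample at more than twice the highest frequency of interest (here 48 kHz) or the band above 20,000 Hertz is not captured at all.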
The secure air gap network must also be kept away from Wi-Fi, cell phones, Bluetooth, and infra-red devices, so that no communication may occur by radio waves. A software firewall should be installed to block outside communications.
Air gap systems are often used for critical systems such as military, government, financial institutions, medical facilities, industrial facilities, power plants, emergency power systems, and aviation. The air gap system should be kept in a separate, monitored area, with limited access and a high degree of physical security.
Sometimes, secure systems are also enclosed in a Faraday cage, a metal enclosure that blocks radio signals from being transmitted or received. Some home computer users have used a grounded metal trash can with a metal lid as a simple, low-cost Faraday cage.
An air gap system may be used to isolate confidential data and industrial controls from an online network for higher security. Or, an air gap may be used to keep an offline network secure, to be used as a redundant backup system in case the online network becomes infected or inoperable.
In this age of frequent computer attacks, hacks, intrusions, data breaches, viruses and malware infections, an air gap system can help to keep a business operational during a cyber attack or cybercrime.
Update: Audio Gap Security Research
This blog post has been cited as a reference source for work done at the Cyber Security Research Center at Ben-Gurion University in Israel. Their work has shown that a hard disk drive actuator or a computer fan can be manipulated by malware to generate covert audio signals that transmit captured data such as passwords or keystrokes from an infected computer to a nearby audio receiver, even if the computer speakers and microphone are disconnected.
Their work has been published in technical papers on several computer technology sites, including Wired magazine (June 2016), the technical research archive site Springer, the Cornell University Library arXiv, Communications of the ACM magazine (April 2018), the USENIX Workshop on Offensive Technologies (WOOT '17), and the 2017 European Symposium on Research in Computer Security (ESORICS 2017), proceedings part 2 (Google ebook).
Thank you for your research and the citation.
Updated [2018-04-19]: added audio gap research paper links.