The Ultimate Defense: What Is an Air Gapped Computer?

Image: an Ethernet cable being physically unplugged from a laptop.

When you read about cybersecurity, you will probably see people talking about “air-gapped” computer systems. This is the technical name for a simple concept: a computer system that is physically isolated from potentially dangerous networks. Or, in simpler terms, an offline computer.

What Is an Air-Gapped Computer?

An air-gapped computer system has no physical (or wireless) connection to unsecured systems and networks.

For example, suppose you want to work on sensitive financial and business documents without any risk of ransomware, keyloggers, and other malware. You decide that you are just going to set up an offline computer in your office and not connect it to the Internet or a network.

Congratulations: you have just reinvented the concept of the computer air gap, even though you’ve never heard of the term.

The term “air gap” refers to the idea that there is an air gap between the computer and other networks. It is not connected to them and it cannot be attacked through the network. An attacker would have to “go through the air gap” and physically sit in front of the computer to compromise it, since there is no way to access it electronically over a network.

When and Why Do People Air Gap Computers?

Image: an electrical engineer at the computers in the control room of a thermal power plant.

Not all computers or IT tasks need a network connection.

For example, imagine critical infrastructure like power plants. They need computers to run their industrial systems. However, these computers do not need to be exposed to the Internet or the corporate network, so they are “air-gapped” for security reasons. This blocks all network threats, and the only downside is that their operators must be physically present to control them.

You can also air gap computers at home. For example, suppose you have older software (or a game) that works best on Windows XP. If you still want to use this old software, the safest way to do so is to “air gap” the Windows XP system. Windows XP is vulnerable to a variety of attacks, but you are not at nearly as much risk as long as you keep your Windows XP system off networks and use it offline.

Or, if you are working on sensitive business and financial data, you can use a computer that is not connected to the Internet. You will enjoy maximum security and privacy for your work as long as you keep your device offline.

How Stuxnet attacked air-gapped computers

Air-gapped computers are not immune to threats. For example, people often use USB drives and other removable storage devices to move files between air-gapped computers and networked computers. You might download an application on a networked computer, put it on a USB drive, carry it to the air-gapped computer, and install it there.

This opens up an attack vector, and it’s not a theoretical one. The sophisticated Stuxnet worm worked this way. It was designed to spread by infecting removable drives like USB drives, giving it the ability to cross an “air gap” when people plugged those USB drives into air-gapped computers. It then used other exploits to spread across air-gapped networks, since some air-gapped computers inside an organization are connected to each other but not to larger networks. It was designed to target specific industrial software applications.

It is widely believed that the Stuxnet worm did a great deal of damage to Iran’s nuclear program and that the worm was built by the United States and Israel, but the countries involved have not publicly confirmed this. What we know for sure is that Stuxnet was sophisticated malware designed to attack air-gapped systems.

Other potential threats to air-gapped computers

Image: a hand inserting a USB flash drive into a desktop computer.

There are other ways that malware can communicate across an air gap, but they all start with an infected USB drive or similar device introducing malware onto the air-gapped computer. (They can also involve someone physically accessing the computer, compromising it, and installing malware or modifying its hardware.)

For example, if malware was introduced onto an air-gapped computer through a USB drive and another infected computer with an Internet connection was nearby, the two infected computers might be able to communicate across the air gap by transmitting data as high-frequency audio through the computers’ speakers and microphones. This is one of many such techniques that were demonstrated at Black Hat USA 2018.

These are all pretty sophisticated attacks, much more sophisticated than the average malware you’ll find online. But they are of concern to nation states with nuclear programs, as we have seen.

That said, garden-variety malware could also be a problem. If you bring an installer infected with ransomware onto an air-gapped computer via a USB drive, that ransomware could still encrypt the files on your air-gapped computer and wreak havoc, demanding that you connect it to the Internet and pay before it will decrypt your data.


How to Air Gap a Computer

Image: an Ethernet cable unplugged from a laptop computer.

As we’ve seen, it’s actually quite easy to air gap a computer: just disconnect it from the network. Do not connect it to the Internet and do not connect it to a local network. Disconnect all physical Ethernet cables and turn off the computer’s Wi-Fi and Bluetooth hardware. For maximum security, consider reinstalling the computer’s operating system from trusted installation media and using it completely offline afterwards.

Do not reconnect the computer to a network, even when you need to transfer files. If you need to download software, for example, use a computer connected to the Internet, copy the software to something like a USB drive, and use that storage device to move files back and forth. This ensures that your air-gapped system cannot be compromised by an attacker on the network, and it also ensures that even if there is malware like a keylogger on your air-gapped computer, it cannot send data out over the network.

For better security, disable any wireless network hardware on the air-gapped PC. For example, if you have a desktop computer with a Wi-Fi card, open the PC and remove the Wi-Fi hardware. If you can’t do this, you can at least enter the system’s BIOS or UEFI firmware settings and turn off the Wi-Fi hardware there.

In theory, malware on your air-gapped PC could re-enable the Wi-Fi hardware and connect to a Wi-Fi network if the computer still has working wireless networking hardware. So, for a nuclear power plant, you really want a computer system that has no wireless networking hardware inside at all. At home, simply turning off the Wi-Fi hardware may be enough.
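One way to check that the steps above actually took effect on a Linux machine, as an added example that is not code from the original article: the script reads the kernel’s sysfs tree to find non-loopback interfaces that are still up, Wi-Fi hardware that is still installed, and rfkill radios (Wi-Fi, Bluetooth) that are not blocked. The `root` parameter and the constructed fake tree exist only so the logic can be exercised offline; the directory layout it reads (`/sys/class/net/<iface>/operstate`, `/sys/class/net/<iface>/wireless`, `/sys/class/rfkill/<dev>/{type,soft,hard}`) is the real Linux one.

```python
"""Audit a Linux host for signs that it is not truly air-gapped.

Added example, not from the original article. The `root` parameter lets the
same logic run against a constructed sysfs-like tree so it works offline.
"""
import os
import tempfile


def _read(path, default=""):
    """Return the stripped contents of a sysfs attribute, or `default`."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return default


def _entries(path):
    """Sorted directory entries, or an empty list when the directory is absent."""
    return sorted(os.listdir(path)) if os.path.isdir(path) else []


def audit_net(root="/sys"):
    """Collect the facts an air-gap checklist cares about.

    up_interfaces:    non-loopback interfaces whose operstate is not "down"
    wireless_hw:      interfaces exposing a "wireless" attribute (Wi-Fi NICs);
                      hardware the article says should ideally be removed
    unblocked_radios: rfkill devices neither soft- nor hard-blocked, so the
                      radio could still transmit
    """
    net_dir = os.path.join(root, "class", "net")
    rfkill_dir = os.path.join(root, "class", "rfkill")
    findings = {"up_interfaces": [], "wireless_hw": [], "unblocked_radios": []}

    for name in _entries(net_dir):
        if name == "lo":
            continue  # loopback cannot reach another host
        iface = os.path.join(net_dir, name)
        if _read(os.path.join(iface, "operstate"), "unknown") != "down":
            findings["up_interfaces"].append(name)
        if os.path.isdir(os.path.join(iface, "wireless")):
            findings["wireless_hw"].append(name)

    for name in _entries(rfkill_dir):
        dev = os.path.join(rfkill_dir, name)
        blocked = (_read(os.path.join(dev, "soft"), "0") != "0"
                   or _read(os.path.join(dev, "hard"), "0") != "0")
        if not blocked:
            rtype = _read(os.path.join(dev, "type"), "?")
            findings["unblocked_radios"].append(f"{name}:{rtype}")
    return findings


def is_air_gapped(findings):
    """True only when no link is up and no radio could transmit.

    Blocked wireless hardware still passes; per the article that is fine at
    home but a critical system should have the hardware removed entirely.
    """
    return not (findings["up_interfaces"] or findings["unblocked_radios"])


def write_fake_sysfs(root, interfaces, radios):
    """Write a constructed sysfs-like tree (test fixture, not real hardware).

    interfaces: {name: (operstate, is_wireless)}
    radios:     {name: (type, soft, hard)}
    """
    for name, (state, wireless) in interfaces.items():
        d = os.path.join(root, "class", "net", name)
        os.makedirs(d, exist_ok=True)
        with open(os.path.join(d, "operstate"), "w") as fh:
            fh.write(state + "\n")
        if wireless:
            os.makedirs(os.path.join(d, "wireless"), exist_ok=True)
    for name, (rtype, soft, hard) in radios.items():
        d = os.path.join(root, "class", "rfkill", name)
        os.makedirs(d, exist_ok=True)
        for attr, val in (("type", rtype), ("soft", soft), ("hard", hard)):
            with open(os.path.join(d, attr), "w") as fh:
                fh.write(f"{val}\n")


def build_demo_tree(fixed=False):
    """Constructed sample host: before and after removing the Wi-Fi card.

    Before: Ethernet unplugged, but Wi-Fi still up and its radio unblocked.
    After:  no Wi-Fi NIC at all; only a soft-blocked Bluetooth radio remains.
    """
    root = tempfile.mkdtemp(prefix="airgap-demo-")
    if fixed:
        write_fake_sysfs(root, {"lo": ("unknown", False), "eth0": ("down", False)},
                         {"rfkill1": ("bluetooth", 1, 0)})
    else:
        write_fake_sysfs(root, {"lo": ("unknown", False), "eth0": ("down", False),
                                "wlan0": ("up", True)},
                         {"rfkill0": ("wlan", 0, 0), "rfkill1": ("bluetooth", 1, 0)})
    return root


if __name__ == "__main__":
    for label, fixed in (("before", False), ("after removing Wi-Fi card", True)):
        f = audit_net(build_demo_tree(fixed))
        print(f"{label}: {f} -> air-gapped: {is_air_gapped(f)}")
    # On a real Linux host, audit the live tree instead: audit_net()
```

Run it on the real machine as `audit_net()`; anything listed under `wireless_hw` is hardware that malware could in principle re-enable, which is the reason the text prefers physically removing the card over merely disabling it.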

Also pay attention to the software you download and bring over to the air-gapped system. If you are constantly transferring data between an air-gapped system and a non-air-gapped system via a USB drive, and both are infected with the same malware, the malware could exfiltrate the data from your air-gapped system through the USB drive.
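A simple discipline that catches tampered or stowaway files on the USB drive is a hash manifest: record the SHA-256 of every file you intentionally copied onto the drive, then verify that list on the air-gapped side before installing anything. The following is an added example, not code from the original article; the manifest file name `MANIFEST.sha256.json` and the JSON layout are assumptions of this example, not a standard.

```python
"""Hash manifest for files carried across an air gap on removable media.

Added example, not from the original article. Assumed workflow:
  1. On the networked machine, copy the files to the drive and call
     write_manifest(drive) to record their SHA-256 digests beside them.
  2. On the air-gapped machine, call verify_manifest(drive) before touching
     anything; it reports files that changed, vanished, or appeared.
"""
import hashlib
import json
import os
import tempfile

MANIFEST_NAME = "MANIFEST.sha256.json"  # assumed name, not a standard


def sha256_file(path):
    """Stream a file through SHA-256 so large installers do not load into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def _walk(root):
    """Yield (relative path, absolute path) for every file except the manifest."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel != MANIFEST_NAME:
                yield rel, full


def make_manifest(root):
    """Map each file on the drive to its SHA-256 digest."""
    return {rel: sha256_file(full) for rel, full in _walk(root)}


def write_manifest(root):
    """Record the manifest on the drive itself and return it."""
    manifest = make_manifest(root)
    with open(os.path.join(root, MANIFEST_NAME), "w") as fh:
        json.dump(manifest, fh, indent=2, sort_keys=True)
    return manifest


def verify_manifest(root, manifest=None):
    """Compare the drive against the manifest (read from the drive if omitted)."""
    if manifest is None:
        with open(os.path.join(root, MANIFEST_NAME)) as fh:
            manifest = json.load(fh)
    actual = make_manifest(root)
    problems = {"modified": [], "missing": [], "unexpected": []}
    for rel, digest in manifest.items():
        if rel not in actual:
            problems["missing"].append(rel)
        elif actual[rel] != digest:
            problems["modified"].append(rel)
    for rel in actual:
        if rel not in manifest:
            problems["unexpected"].append(rel)
    return {k: sorted(v) for k, v in problems.items()}


def is_clean(problems):
    """True when nothing was modified, removed, or added."""
    return not any(problems.values())


def build_demo_drive():
    """Constructed sample 'USB drive' with two intended files and a manifest."""
    root = tempfile.mkdtemp(prefix="usb-demo-")
    os.makedirs(os.path.join(root, "docs"))
    with open(os.path.join(root, "installer.bin"), "wb") as fh:
        fh.write(b"constructed installer payload\n")
    with open(os.path.join(root, "docs", "readme.txt"), "w") as fh:
        fh.write("constructed readme\n")
    write_manifest(root)
    return root


def tamper_demo_drive(root):
    """Simulate what verification must catch: one file altered, one added."""
    with open(os.path.join(root, "installer.bin"), "ab") as fh:
        fh.write(b"extra bytes appended in transit\n")
    with open(os.path.join(root, "unexpected.bin"), "wb") as fh:
        fh.write(b"file nobody intended to copy\n")


if __name__ == "__main__":
    drive = build_demo_drive()
    print("fresh drive clean:", is_clean(verify_manifest(drive)))
    tamper_demo_drive(drive)
    print("after tampering:", verify_manifest(drive))
```

The check is only as trustworthy as the machine that wrote the manifest, so it does not help if the networked computer itself is compromised; it does catch files that changed in transit and extra files that appeared on the drive, which is exactly how removable media carries malware across the gap according to the text. For a stronger guarantee, sign the manifest with a key that never lives on the networked machine and verify the signature on the air-gapped side.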

Finally, make sure that the air-gapped computer is also physically secure; physical security is now the main thing you need to worry about. For example, if you have a critical air-gapped system with sensitive business data in an office, it should probably be kept in a secure area like a locked room rather than in the middle of an office where all sorts of people walk by. If you have a laptop with sensitive data, store it securely so it won’t be stolen or physically compromised.

(Full-disk encryption can help you protect the files on the computer even if it is stolen.)

In most cases, it is not practical to air gap a computer system. Computers are generally so useful precisely because they’re networked, after all.

But air gapping is an important technique that ensures 100% protection against network threats if done correctly. Just make sure no one else has physical access to the system and don’t bring malware in on USB drives. It’s also free, with no expensive security software to pay for and no complicated setup process to go through. It is the ideal way to secure certain types of computer systems in specific situations.
