Do Air Gap Environments Really Work?
Information and data are the new gold, and their security is crucial for every company, yet attacks target not only data but also critical infrastructure. There are multiple deterrents available against such attacks, and supposedly one of the most effective is an air-gapped environment. So, in this blog we are going to discuss the following points related to air-gapped environments:
- What is an air-gapped environment?
- Purpose, use, and users
- Advantages and risks
- Can it be improved?
As a reader, you can expect to gain a general understanding of an air-gapped environment solution, why it is used, what advantages it can bring to your network, and help you foresee its challenges before implementation.
Air-Gapped Environment Definition and Purpose
To oversimplify, an air-gapped environment is one that has no internet or external network access. The purpose is to reduce the attack surface by isolating the network from the outside world, thus protecting it from attacks that would be launched over the internet. That being said, an air-gapped network can still be connected to another network of the same organization via WAN solutions such as MPLS or SD-WAN.
Air-gapped environments are usually deployed in networks that host highly sensitive data such as payment systems, medical institutions, defense/military or government organizations, and infrastructure-based networks such as power, water, nuclear and traffic systems.
Advantages of an Air-Gapped Network
The advantage of an air-gapped network is quite simple: it does not connect to the internet, so it inherently protects against a variety of attacks and vulnerabilities and reduces the attack surface. If no road leads to your house, neither can a robber reach it. As the famous saying goes, “everything is hackable”; applied to our discussion, if a network has internet connectivity then, theoretically speaking, an attack could be launched from anywhere in the world, whereas this is negated in an air-gapped network.
Risks in an Air-Gapped Network
While it may seem like a silver bullet against cyber-attacks, an air-gapped network is not without its risks. A bad actor has to resort to other means to attack such an environment, which means attacking through third-party factors that are part of the environment. The following is a list of risks that can be associated with an air-gapped network, but these risks are not unique to it; they overlap with all types of environments and can affect any network.
Service Providers
An air-gapped network might connect to a remote network of the same organization via WAN, which requires a service provider, and a bad actor might attack these service providers through DDoS, reflection attacks, brute force, and credential attacks.
Removable Media
There have been many real-life incidents where removable devices such as USB drives, CD drives, and mobile phones have been infected with specialized malware designed to infiltrate an air-gapped environment, a few examples being USBCulprit and Agent.BTZ. The legendary Stuxnet worm is known to have infiltrated Iran’s nuclear facilities through removable media.
Third-party Software and Applications
It is an open secret that many major software companies are hand-in-glove with their country’s government to install backdoors that can also be used as political tools, as revealed by Edward Snowden. Attackers also take advantage of bugs and gaps in software code to launch zero-day attacks. One of the most infamous and stealthy attacks in recent history has been the SolarWinds attack on multiple US government departments, allegedly by state-sponsored Russian hackers.
Third-Party Hardware
Much like software, hardware devices not only have backdoors but may also contain hidden components installed to exfiltrate data to their command-and-control (CnC) servers; these can be particularly lethal as they are not detected by any anti-virus software and can circumvent disk encryption. There have been multiple cases of counterfeit products sold under a big brand name that have backdoors installed and are indistinguishable from the genuine product by sight. As many as 20 countries have a full or partial ban against the Chinese company Huawei for its 5G infrastructure, as it has been accused of installing backdoors.
Human Factor
They say humans are the weakest link in a security system. Personal devices of employees and vendors can easily be infected with malware, which is then used to infiltrate an air-gapped network. Phishing, blackmail, and honey pots are common techniques used by attackers to get someone to exfiltrate data from a highly secure data center without launching an attack or leaving a trace.
Bolster an Air-Gapped Environment
Just as anything can come under risk, each risk can be reduced in one way or another. An air-gapped environment can be made more secure by following four measures:
Complete Awareness
It is necessary to be aware of all the latest threats that can harm a network. This includes implementing threat intelligence and advanced tools that incorporate AI and ML, building a secure infrastructure from the ground up, and hiring skilled network security professionals who, combined, can thwart attacks before they cause damage.
Ban External Devices
Ideally, it should be synonymous with an air-gapped environment that all external/personal electronic items are banned. Items such as mobile phones (especially smartphones), USB drives, CD drives, SD cards, cameras, smartwatches, etc. should be banned on the campus, and any breach of this policy should be heavily penalized.
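A policy ban on removable media is only as good as the ability to notice when it is broken. As an added defender-side example (not code from the original post or its author), the following Python checker scans Linux kernel log lines for USB mass-storage attachments and flags any device that is not on an approved-media allowlist, covering both the removable-media risk described earlier and the external-device ban recommended here. The dmesg-style lines are constructed samples, and the allowlist of vendor/product IDs is a hypothetical inventory an organisation would maintain itself.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample of kernel (dmesg) lines in the style Linux prints when
# USB devices are plugged in: a flash drive on port 1-1, a wireless mouse
# receiver on 1-2, and an unidentified mass-storage device on 2-3.
SAMPLE_DMESG = """\
[ 812.101] usb 1-1: new high-speed USB device number 4 using xhci_hcd
[ 812.250] usb 1-1: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
[ 812.251] usb 1-1: Product: Cruzer Blade
[ 812.255] usb-storage 1-1:1.0: USB Mass Storage device detected
[ 813.270] sd 6:0:0:0: [sdb] Attached SCSI removable disk
[ 900.010] usb 1-2: new full-speed USB device number 5 using xhci_hcd
[ 900.120] usb 1-2: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.10
[ 900.121] usb 1-2: Product: USB Receiver
[ 951.400] usb 2-3: New USB device found, idVendor=1d6b, idProduct=0003, bcdDevice= 5.15
[ 951.405] usb-storage 2-3:1.0: USB Mass Storage device detected
"""

# Enumeration line: ties a USB port path to the device's vendor/product IDs.
ID_RE = re.compile(
    r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
# Mass-storage binding line: the interface suffix (:1.0) is dropped from the port.
STORAGE_RE = re.compile(
    r"usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected"
)


def find_storage_attachments(log_text: str,
                             allowlist: Set[Tuple[str, str]] = frozenset()) -> List[dict]:
    """Return one alert per mass-storage attachment whose (idVendor, idProduct)
    is not in the allowlist. The allowlist is hypothetical approved transfer media."""
    seen: Dict[str, Tuple[str, str]] = {}   # port path -> (vid, pid)
    alerts: List[dict] = []
    for line in log_text.splitlines():
        m = ID_RE.search(line)
        if m:
            seen[m["port"]] = (m["vid"], m["pid"])
            continue
        m = STORAGE_RE.search(line)
        if m:
            ids = seen.get(m["port"], ("????", "????"))  # storage seen before IDs
            if ids not in allowlist:
                alerts.append({"port": m["port"], "idVendor": ids[0],
                               "idProduct": ids[1], "line": line.strip()})
    return alerts


if __name__ == "__main__":
    for alert in find_storage_attachments(SAMPLE_DMESG, {("0781", "5567")}):
        print("UNAPPROVED STORAGE:", alert)
```

Only mass-storage devices raise alerts, so the mouse receiver on port 1-2 is ignored, while the approved flash drive on 1-1 is suppressed by the allowlist and the device on 2-3 is reported.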
Vetting of Personnel and Visitors
A thorough background check and verification of all personnel and third-party vendors on the campus should be carried out, and they should be given clearance for only the access to the campus they require. All persons exiting the campus should be scanned for electronic items that can store sensitive information.
Awareness and Training
All persons that have access to an air-gapped environment should be given basic training on cybersecurity, especially on topics such as what malware is, what harm it can cause, and how they can detect it and be aware of it. They should also be aware that attackers can take advantage of them through blackmail and honey pots, and that they should inform the proper authorities instead of submitting to the attackers.
Conclusion
Yes, air-gapped environments do work, but not without the risks associated with them; those risks, however, are a concern for any kind of network, and measures can be taken to minimize them. Depending on your environment and the sensitivity of the data stored in your network, you can decide whether to implement an air-gapped environment.
A hybrid solution implemented by Zindagi Technologies is that external-facing applications can have internet access, but the databases, sensitive information, and customer data are placed in an air-gapped environment, isolating them from any attacks the applications might face. For a more customized solution and any queries, we can meet at our office, or you can reach out to us at +919773973971.
Author
Anant Seth
Network Consultant Engineer