Introduction
The threat of cyber attack is as important as ever, with the number of data breaches and cybercrimes growing at an alarming pace with every passing year. It would be a rare company that is not frequently transmitting many kinds of data between its internal and/or external devices, so it is fairly easy to understand how ransomware attacks are so common these days.
In fact, these growth rates are so alarming that Cybersecurity Ventures predicts a ransomware attack happening somewhere on the planet every 2 seconds by 2031, with annual ransomware costs reaching a massive $265 billion. With the threat growing at this rate for the past few years (and showing no signs of stopping), it is easy to see why data security has become one of the most prioritized topics for the overwhelming majority of companies in the world.
There are many ways to approach data security, and the topic itself can be extremely complex. The classic approach to data security tended to be about building a secure “perimeter” around a company’s internal network, with multiple layers of security preventing threats affecting what is inside of that “perimeter”.
This kind of approach worked well for quite a while, but the increase in Internet usage (and in the ways to use it) the world over, coupled with the drastic increase of remote teams in companies, led to this security approach becoming less effective over time. In more recent years, a different approach started to gain popularity: a data-centric security system.
The traditional security approach often had issues with protecting data not stored inside of the “perimeter” around the company’s internal network. A data-centric security approach was presented as an answer to these issues. The data-centric security method uses a lot of context to protect the data itself, rather than a fixed perimeter.
However, this particular system can be difficult to implement, and is a significant investment of both time and resources for companies – some of the reasons why it is perhaps not as popular as it could be. Meanwhile, the traditional “perimeter” security model remains fairly popular.
Having established the general background of a couple of data security models, it is time to move on towards the main topic of this article – air gapping.
The definition of air gapping
Air gapping is a relatively old concept in the context of data security. It is also often the last line of defense against either system failures or malicious acts against a company’s sensitive information. Air gapping is a security measure that uses physical isolation from other devices and networks to prevent unauthorized access to sensitive information.
The shortest way to describe how air gapping works is the word “isolation”. Air gapping implies physical separation of a device or a network of devices from outside influence, including both physical and wireless connections – meaning that FTP clients, browsers and email clients within this network are completely disconnected from the rest of the world.
Benefits of an air gapped system
The biggest reason why air gapping is considered this advantageous in terms of security is rather simple – the overwhelming majority of security threats are spread via either the Internet or the ability of workstations and regular PCs to connect to one another, as well as to all kinds of other, different devices.
Another advantage of air gapping is its position as a “final resort” of sorts, ensuring that at least one copy of a company’s data survives no matter what. In this context, air gapping plays an important part in the well-known “3-2-1” backup strategy already used by a lot of organizations.
The gist of this rule is that there should always be at least three copies of your data at all times, with at least two different storage mediums involved in storing your backups, and at least one copy of your data being always stored offsite – away from your company’s internal network and physically far from the main office’s location. The last part of this rule – a backup copy stored offsite – is a perfect use case for air gapping to be implemented, making sure that your data cannot be lost completely no matter what kind of issue you are going to encounter.
The overall state of an air gapped system that acts as a backup copy is also a great way to counter some of the more unconventional methods that ransomware and/or insider threats may bring. One such problem is when a virus or a malicious person is attempting to sabotage every copy of the company’s data before tampering with the original – to ensure there is no recovery from a ransomware attack or a data deletion event. As such, the isolated nature of an air gapped system makes it a lot harder for this kind of sabotage to be 100% successful, improving the company’s chances of recovering as a whole.
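The 3-2-1 rule and the sabotage scenario above can be checked against a backup inventory. The following is an added example, not code from the original article or from any backup product; the `BackupCopy` fields and the two sample inventories are constructed for illustration, and the production copy is counted as one of the three copies.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    name: str
    medium: str              # e.g. "disk", "tape", "object-storage"
    offsite: bool            # stored away from the main office
    network_reachable: bool  # False means air gapped: no wired or wireless path

def audit_321(copies):
    """Return a list of findings; an empty list means the inventory passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need at least 3")
    media = {c.medium for c in copies}
    if len(media) < 2:
        findings.append(f"only {len(media)} storage medium type(s), need at least 2")
    if not any(c.offsite for c in copies):
        findings.append("no offsite copy")
    if not any(c.offsite and not c.network_reachable for c in copies):
        findings.append("no offsite copy is air gapped")
    return findings

def survivors(copies):
    """Copies left if everything reachable over the network is encrypted or deleted."""
    return [c.name for c in copies if not c.network_reachable]

# Constructed sample inventories (hypothetical names).
WEAK = [
    BackupCopy("production", "disk", False, True),
    BackupCopy("nas-backup", "disk", False, True),
    BackupCopy("cloud-replica", "object-storage", True, True),
]
STRONG = WEAK + [BackupCopy("vault-tape", "tape", True, False)]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("strong", STRONG)):
        print(label, audit_321(inventory) or "passes",
              "survivors:", survivors(inventory))
```

The weak inventory satisfies the three counts of the rule yet leaves no survivor once every network-reachable copy is sabotaged, which is the gap an air gapped offsite copy closes.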
Another advantage of air gapping concerns legacy software. The lack of an Internet connection can make it possible to deploy sensitive legacy software more reliably in an air gapped environment, ensuring that it cannot accidentally update itself to a newer version and potentially become unusable for its intended purpose. The use of legacy software does have its own risks, but it is difficult for some software types to be updated often enough to keep up with the overall speed of technological development, especially when it comes to highly specific software or hardware.
However, it is also important to remember that air gapping itself is not necessarily a perfect solution to all of your security problems. There are multiple issues that the air gap security approach has, ranging from general inconvenience to a significant downside, in the form of the human factor.
Shortcomings of an air gapped system
The first group of issues here is perhaps obvious – the extra work involved in the process of adding, modifying, and removing data from an air gapped storage device. Since all of the wired and wireless connection interfaces are removed, the only way to access these kinds of storage devices is to use some sort of external attachable method of data transferring – of course, that’s part of the whole point of air-gapping.
The so-called “human factor” is the second part of the problem. Since the entirety of interactions with an air gapped system typically relies on human input in the first place, there is always a chance that one of the security measures in place may not be reset correctly or secured properly enough, creating a gateway for attackers to use. Examples could be an unlocked door, an unguarded USB port, etc., or even a malicious employee. There are also problems with regular security updates and different IoT appliances near the server itself, although both of those can be worked around if enough attention is put into the task.
Another consideration of air gapping that is becoming increasingly relevant in the modern day is the sheer practicality of managing a system, set of systems or standalone network that needs to be air gapped. An example of that could be a large military airport. It could be affected or compromised by a worker or a third party with malicious intent. The sheer volume of people and IT systems increases the danger of compromise: large military airports typically have processes that often require dozens, if not hundreds, of people within their physical perimeters, so it is easy to see how this becomes a problem for the concept of an air gap. It may be difficult to put in place and continuously enforce security measures, including monitoring and controlling every single person near USB ports or tape drives.
As such, there are both advantages and disadvantages to an air gapped system. It has the potential to be an excellent security option, but the amount of work needed to make it strong enough is a reason why some organizations only use air gapping for some of their most critical and important data.
Examples of air gap cyber security systems
Here are some examples of air gapping use cases:
- Both state-level and national lottery game servers have to be completely isolated by default to exclude any possibility of a lottery fraud.
- Stock exchanges and other financial computer systems have to be air gapped for a very similar reason; that is the possibility of fraudulent information being distributed.
- Life-critical systems in many forms have to be air gapped – and there are many examples of such systems, from computerized medical hardware and aviation control systems to nuclear power plant controls. The disastrous consequences of even one of these systems being compromised clearly illustrate why all of them may have to be air gapped.
- Industrial control systems in various fields also have to have only the best possible security measures, for a number of reasons. A good example of those is the field of Oil and Gas production, with SCADA (Supervisory control and data acquisition) systems being the ones that need protecting.
- Many types of government-related networks and systems have to be air gapped, as well as military networks, nuclear power stations, etc.
Note, some versions of these systems may not be considered as truly air gapped anymore, because some of them have added features that allow them to establish a temporary connection to either the Intranet, or the public Internet – be it for the sake of security updates, monitoring, or data transfer.
Different types of an air gapped system
There is not only one single air gap security standard that should be followed. In fact, there are different types of air gapping, such as:
- Logical air gapping is a somewhat unusual or “impure” type, since the very definition of air gapping implies that there needs to be a physical isolation for the concept to work. However, logical air gapping aims to keep the devices or systems within the same network physically – but separates them logically. There are multiple ways to perform this kind of separation and most of them require advanced systems and technologies, such as a combination of RBAC (role-based access control) and data encryption.
- Isolated air gapping is having a system located in the same environment as the rest of the devices, but not connected to the same network. This kind of arrangement can be useful in some cases, but it also defeats the purpose of air gapping to a certain degree.
- Physical air gapping is the main case we have discussed above – a complete physical separation of a system or a network, including both hardware and software. A complete separation of hardware is in order for this air gapping type, and there are also many cases when additional security measures are installed for this new remote location – mostly revolving around physical access restrictions.
Air gap security vulnerabilities
Air gapping provides a considerable and highly significant level of protection against cyber threats. However, it is important to understand that air gapping is not a solution to every data security problem. Air gapping has its own issues and vulnerabilities, even though most of them are extremely case-specific and are unlikely to be used by anyone without an actual malicious intent.
As we have mentioned before, while there is little to no way to infect or influence an air gapped system using wired or wireless networks, there can actually still be (albeit rather exotic!) ways of breaching air gapped systems. For example, a solution called AirHopper was presented in 2014, showcasing a way to transfer data from an air gapped system to a mobile phone with a bifurcated attack pattern transferred via FM frequency signals.
Another method (published in 2015) called GSMem uses a similar idea of extracting data from an air gapped system – but this one uses cellular frequencies to do so, using a standard internal bus that can be connected to almost any regular computer.
There is also a body of research on how infected USB devices can leak data from air gapped systems – ProjectSauron is one such example, being discovered in 2016 (even though it operated undetected for about five years before that) and showcasing how hidden Windows partitions can be used as transport channels from an air gapped system to a regular computer.
NFC (Near-field communication) was also a technology transformed into a gateway for air gapped systems, with a solution called NFCdrip that was presented in 2018. It was also a showcase of how NFC has far greater capabilities than most people think of – offering up to 100 meters of effective range in specific cases.
Of course, these are just a few of many examples on how air gapped systems can theoretically be accessed by a person experienced enough in these technologies. However, it is worth noting that a lot of this research was performed as a proof-of-concept rather than a ready-made solution for breaking into air gapped systems.
Conclusion
Air gapping is a concept that offers a practically unprecedented level of security for a company’s most important and sensitive data. Air gapping remains a popular data security approach to this day, safeguarding the information of hundreds and thousands of companies. As a result of frequent ransomware attacks, which even target backup and recovery systems themselves, air gapping is to some extent back in the spotlight.
For the many organizations that require air gapping as part of their security strategy and business continuity needs, Bacula Enterprise offers advanced and flexible software to quickly and easily provide highly secure backup and recovery, integrating air gapping methodologies into even the most complex IT environments.
Bacula is used by some of the largest defense organizations in the world, as well as a large number of medium and large companies that treat security and Business Continuity as paramount. Bacula’s software architecture and specific security features make it especially robust against ransomware and other malware. Bacula recommends that any organization’s data protection is taken extremely seriously; please contact Bacula to speak with a senior expert in highly secure backup and recovery software.