Ours is a deeply interwoven and breachable world, which often means trouble for enterprise security. According to IBM’s 2020 Cost of a Data Breach Report, the average cyberattack costs a business $3.86 million, and the United States’ average cost per breach has reached $8.6 million. There is some good news though: businesses that are investing in better network security infrastructure and policies, such as incident response and security automation, are saving anywhere from $2 million to $3.58 million when a breach does occur. Although it won’t work for every business model, air gapped networks can provide one of the highest levels of security to enterprise infrastructure when they are managed closely, stopping many potential breaches in their tracks.
Readers also Read: End-to-End Encryption: Important Pros and Cons
Taking a Look at Air Gapped Networks
- What is an Air Gapped Network?
- How Do You Air Gap a Computer?
- How Secure are Air Gapped Networks?
- Why Air Gapped Networks are Important
What is an Air Gapped Network?
An air gapped network is a network that has been separated from other public and private networks with an effective “gap of air.” This means that the air gapped network is disconnected from the public internet, external email, and any other ways of directly communicating from one network to another.
Consider this visual: if two mountains are separated by a valley, the only way to make it to the other mountain is via a direct path or form of transportation, which could be anything from a bridge to a helicopter that will fly you over there. The bridges and helicopters in this scenario exemplify the external network connections, like public network access and email messages, that make it easier for hackers to latch onto and gain access to a private network.
But let’s say that these two mountains are in a highly isolated part of the world and there’s no form of transportation or other access to cross between the mountains. The valley between them is a gap of air, one that few travelers will want to take the time and risk to traverse. In the same way, adding a gap of air between your private network and other public networks wards off most attacks because the attack vector has been complicated through isolation.
Data movement in an air gapped network can only happen via external, non-network means: removable hardware or media like a USB drive can be used to transfer information in and out of an air-gapped network, and transient devices like laptops can be authorized to connect to the air gapped network, though with very specific permissions. Think of these as hidden paths or special access transportation that only authorized travelers can use to access your air gapped network. But these require a human with physical access to both machines, along with proper authentication credentials.
More on Enterprise Networks: Understanding VPNs: The Pros and Cons of IPSec and SSL
How Do You Air Gap a Computer?
Air gapped computers closely resemble air gapped networks, but they’re more focused on the device and personal use levels. The idea is to disconnect the individual device from any outside networks or information, and it can be used for reasons ranging from increased personal privacy to improved performance of non-network applications.
In order to air gap a computer, you’ll need to completely disconnect it from everything else. That means disabling WiFi and Bluetooth, disconnecting from the ethernet cable, and double checking that no other forms of communication or data transference are available. Air gapping a computer involves disconnecting cables and disabling all network hardware.
How to Stay Secure When You Can’t Air Gap: VPN vs. SDP vs. ZTNA: Who Won 2020?
How Secure are Air Gapped Networks?
Air gapped networks theoretically make up one of the highest forms of network security, because the increased levels of isolation make it difficult for information to be accidentally or purposely moved to and from that network. Most hackers only have the skill level or patience to perform a network-level attack from a distance, but air gapping almost necessitates that they gain direct in-person access to a network device. They cannot simply hop over from another network or get logins through phishing communications, so most malicious actors will stop before they ever breach your network.
However, there are valid and proven concerns about the actual physical security of air gapped networks, namely the transient devices that are allowed to connect to it. Who’s to say what happens to a USB drive or laptop before, during, and after its time connected to an air gapped network? What if an authorized user accidentally or purposely uses this hardware to carry information (or malware) to and from the network? The Stuxnet worm case from 2010 is a strong example of how network hardware can cause damage, as that particular strain of malware spread to Iranian industrial and nuclear plants via USB drives.
Network Policies to Secure Air Gapped Networks
Ultimately, air gapped networks are only as secure as your networking and security policies are willing and able to make them. They can be nearly foolproof if strict network policies are put in place and constantly overseen by network administrators. Consistent monitoring should especially be applied to removable media, transient devices like laptops and computers, modems, and VPNs.
Here are just a few steps that your network administrators should take to make their air gapped networks as secure as possible:
- Enforce strict policies about where air gapped network hardware can physically go, who can use it outside of designated physical areas, and how it can be used. It’s a good idea to limit these devices to upper-level management, power users, and anyone else who absolutely needs that level of access.
- Invest in strong network monitoring practices and tools so that you can immediately catch users and devices if they overstep in data access and sharing privileges.
- Develop a detailed network audit checklist that can help you to set and enforce policies for both devices and users on the network.
Why Air Gapped Networks are Important
Although there are some doubts about how effective air gapped networks currently are and how effective they’ll be as the growth of AI and IoT devices necessitates always-on communication between private and public networks, there are still many security and workflow advantages to be found in an air gapped network:
- Air gapped networks increase isolation and secrecy, thus increasing security in high risk scenarios and industries (i.e. government, military, etc.).
- You can easily protect and separate your highly secure programs that don’t need constant network access.
- Remote hacking is nearly impossible; you have to be onsite, which makes it more difficult for hackers to gain access.
- Payment and control systems can be kept separate from the rest of the public or private network(s) that your business uses.
In a world where security breaches are costing businesses millions of dollars every year and major security breaches hit the news on an almost weekly basis, air gapping your network is one of many choices you have to protect your data and users from a growing number of malicious actors.
Security Measures that Can Prevent Cyber Attacks: What Lessons Can CIOs Learn from the Colonial Pipeline Hack?