Monday 23 December, 2013
The simplest and most effective way to keep data secure is what’s called the air gap (also sometimes called the air wall). To make an air gap, you keep a computer network physically isolated from any unsecured public networks. When you need to transfer data to the isolated computer, you walk it over. The idea is that hackers and worms can’t get into the secure network through internet use. They’d have to hop out of the computer and walk over to the isolated computer.
The World’s Most Infamous Air Gap
Osama bin Laden used an air gap to plan his attacks and it was so effective that government intelligence experts the world over couldn’t find out what he was doing. His air gap is a pretty extreme example. He would type his email messages on a computer in his compound where there were no phones or internet access. He’d save the messages to a small flash drive, give the drive to a courier who would travel crazy distances through the desert to a faraway internet café, plug in the flash drive, copy, paste and send. The courier would then collect incoming messages and head back across the miles of desert. That’s one serious air gap.
Most air gaps aren’t that extreme. It could just be a computer in a secure area of the building that only a few people have access to. The term ‘air gap’ is also used to refer to sophisticated cryptographic devices that can send data in a secure way. It basically means leaving no way whatsoever for the computers to communicate with each other, so there’s no path along which a threat can be passed.
The Problem with Air Gaps
Air gaps are perfectly secure but not always practical. You don’t have to put a desert in Pakistan between your computers to have a good air gap, but even transferring data from an unsecured computer to a secure one in the next room can be a hassle. Years ago, when air gaps were more widely used, there were fewer communications than there are today. With all of your emails, software updates, design flaw fixes and other minor communications, it’s just too much running back and forth.
The idea has come under fire recently in security circles partly because there are so many other methods today that are more feasible. New methods that provide nearly the same security as an air gap include things like unidirectional gateways (also known as data diodes) that allow data to be sent one way. These are used in high security environments like the defense industry or public infrastructure.
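A one-way link changes how a transfer has to be built: the receiver can never acknowledge a frame or ask for it again. The sketch below is an added example, not part of the original article and not any product's protocol; the frame layout, function names and sample payload are assumptions made for illustration. The sender repeats every frame, and the receiver accepts a file only if every frame arrived intact.

```python
import hashlib
import struct
import zlib

HDR = struct.Struct("!II32s")   # frame number, frame count, SHA-256 of whole file
CRC = struct.Struct("!I")       # CRC-32 over header + body, appended to each frame

def make_frames(data, chunk=8, copies=3):
    """Sending side. No ACK or resend request can ever come back through the
    diode, so each frame is simply transmitted `copies` times."""
    digest = hashlib.sha256(data).digest()
    chunks = [data[i:i + chunk] for i in range(0, len(data), chunk)] or [b""]
    for seq, body in enumerate(chunks):
        payload = HDR.pack(seq, len(chunks), digest) + body
        frame = payload + CRC.pack(zlib.crc32(payload))
        for _ in range(copies):
            yield frame

def receive(frames):
    """Receiving side. Returns (data, missing): data is None unless every frame
    arrived intact and the reassembled file matches the announced digest."""
    parts, total, digest = {}, None, None
    for frame in frames:
        if len(frame) < HDR.size + CRC.size:
            continue                                  # truncated frame
        payload, (crc,) = frame[:-CRC.size], CRC.unpack(frame[-CRC.size:])
        if zlib.crc32(payload) != crc:
            continue                                  # damaged copy, rely on a repeat
        seq, n, d = HDR.unpack_from(payload)
        if total is None:
            total, digest = n, d
        if (n, d) == (total, digest) and seq < total:
            parts.setdefault(seq, payload[HDR.size:])
    if total is None:
        return None, []
    missing = [s for s in range(total) if s not in parts]
    if missing:
        return None, missing                          # cannot ask for a resend
    data = b"".join(parts[s] for s in range(total))
    # The digest catches loss and damage only; it is not proof of who sent the file.
    return (data if hashlib.sha256(data).digest() == digest else None), []

def lossy(frames, drop):
    """Constructed test link: discards the frames whose positions are in `drop`."""
    return [f for i, f in enumerate(frames) if i not in drop]

SAMPLE = b"firmware update 1.0 for isolated host"   # constructed sample payload
```

If all copies of a frame are lost, the receiver can only report which frame numbers are missing; someone on the sending side has to start the transfer again.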
Air gaps are still used where the utmost security is needed, such as at utility companies, power plants and military installations. But for most businesses, the cost of maintaining the air gap and running data back and forth is too much.