Sponsored Links
-->

Tuesday, May 22, 2018

Tough SF: Physical Data Security
src: 4.bp.blogspot.com

An air gap, air wall or air gapping is a network security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network. The name arises from the technique of creating a network that is physically separated (with a conceptual air gap) from all other networks.


Video Air gap (networking)



Use in classified settings

In environments where networks or devices are rated to handle different levels of classified information, the two disconnected devices or networks are referred to as "low side" and "high side", "low" being unclassified and "high" referring to classified, or classified at a higher level. This is also occasionally referred to as "red" (classified) and "black" (unclassified). To move data from the high side to the low side, it is necessary to write data to a physical medium, and move it to a device on the latter network. Traditionally based on the Bell-LaPadula confidentiality model, data can be moved low-to-high with minimal processes, while high-to-low requires much more stringent procedures to ensure protection of the data at a higher level of classification.

The concept represents nearly the maximum protection one network can have from another (save turning the device off). It is not possible for network packets to "leap" across the air gap from one network to another. The upside to this is that such a network can generally be regarded as a closed system (in terms of information, signals, and emissions security), unable to be accessed from the outside world. The downside is that transferring information (from the outside world) to be analyzed by computers on the secure network is extraordinarily labor-intensive, often involving human security analysis of prospective programs or data to be entered onto air-gapped networks and possibly even human manual re-entry of the data following security analysis.

Computer viruses such as Stuxnet and agent.btz have been known to bridge the gap by exploiting security holes related to the handling of removable media. The possibility of using acoustic communication has also been demonstrated by researchers. Researchers have also demonstrated the feasibility of data exfiltration using FM frequency signals.


Maps Air gap (networking)



Examples

Examples of the types of networks or systems that may be air gapped include:

  • Military/governmental computer networks/systems;
  • Financial computer systems, such as stock exchanges;
  • Industrial control systems, such as SCADA in Oil & Gas fields;
  • Life-critical systems, such as:
    • Controls of nuclear power plants;
    • Computers used in aviation, such as FADECs and avionics;
    • Computerized medical equipment;
  • Very simple systems, where there is no need to compromise security in the first place, such as:
    • The engine control unit and other devices on the CAN bus in an automobile;
    • A digital thermostat for temperature and compressor regulation in home HVAC and refrigeration systems;
    • Electronic sprinkler controls for watering of lawns.

Many of these systems have since added features that connect them to the public internet, and are no longer effectively air gapped, including thermostats with internet connections and automobiles, with Bluetooth, Wi-Fi and cellular phone connectivity.


AirScale Radio Access | Nokia Networks
src: networks.nokia.com


Limitations

Limitations imposed on devices used in these environments may include a ban on wireless connections to or from the secure network, or similar restrictions on EM leakage from the secure network through the use of TEMPEST or a Faraday cage.

Further, scientists in 2013 demonstrated the viability of air gap malware designed to defeat air gap isolation using acoustic signaling. Shortly after that, network security researcher Dragos Ruiu's BadBIOS received press attention.

In 2014, researchers introduced "AirHopper", a bifurcated attack pattern showing the feasibility of data exfiltration from an isolated computer to a nearby mobile phone, using FM frequency signals.

In 2015, BitWhisper, a covert signaling channel between air-gapped computers using thermal manipulations was introduced. BitWhisper supports bidirectional communication and requires no additional dedicated peripheral hardware.

Later in 2015, researchers introduced GSMem, a method for exfiltrating data from air-gapped computers over cellular frequencies. The transmission - generated by a standard internal bus - renders the computer into a small cellular transmitter antenna.

ProjectSauron malware discovered in 2016 demonstrates how an infected USB device can be used to remotely leak data off of an air-gapped computer. The malware remained undetected for 5 years and relied on hidden partitions on a USB drive not visible to Windows as a transport channel between the air-gapped computer and a computer connected to the internet, presumably as a way to share files between the two systems.

In general, malware can exploit various hardware combinations to leak sensitive information from air-gapped systems using "air-gap covert channels". These hardware combinations use a number of different mediums to bridge the air-gap, including: acoustic, light, seismic, magnetic, thermal, and radio-frequency.


New IoT Threat Map Will Haunt Your Dreams
src: images.tmcnet.com


See also

  • Air gap malware
  • Firewall (computing)
  • Near sound data transfer
  • NIPRNet
  • SilverPush
  • SIPRNet
  • Sneakernet
  • Tempest (codename)
  • Van Eck phreaking

Cisco Wireless Mesh Access Points, Design and Deployment Guide ...
src: www.cisco.com


References

Source of the article : Wikipedia

Comments
0 Comments