Using an Air-Gapped Computer in 2022: Full Air-Gapping Guide
One of the most effective, though impractical, forms of cybersecurity is a so-called air gap. In this guide, we’ll go over what an air-gapped computer is and how you can set one up for yourself.
If you’re looking into the many ways you can secure your digital devices, you may have come across the idea of an air-gapped computer, one that’s not connected to the internet at all. In this guide, we’ll go over how an air gap works, how to set one up and why you should — or shouldn’t — bother.
Key Takeaways:
- Air-gapping is a great way to make sure files are kept safe from interference, though the cost for this security is they’re usually harder to access.
- Because of the inconvenience, air-gapping is usually reserved for extremely sensitive and critical systems.
- Unlike networked systems, air-gapped ones rely a lot more on physical security, which can make it a pricey proposition for companies.
- Setting up an air-gapped machine is as easy as getting an old laptop, unplugging it and never plugging it in again.
The short version is air-gapping is an extremely effective security measure, maybe even the most secure after never turning a device on. However, it is also impractical for most people most of the time. While it seals your computer from threats, it also seals it from the World Wide Web, meaning it loses much of its usefulness.
Any machine can be hacked. It’s just harder to reach an air-gapped one.
When a computer or network has been set up with an air gap, we call this an air-gapped installation.
Computer storage that isn’t connected to the internet, usually a machine that only allows data transfer using USBs or similar formats.
What Is an Air-Gapped Computer?
First, let’s take a closer look at what an air-gapped computer is. In short, it’s a computer that isn’t connected to any network. By this, we usually mean the internet, of course, but to be a proper air gap, there can’t be any network connection whatsoever. No LAN, no WiFi, no office extranet, no printers, nothing.
In practice, this is a little watered down, of course. You can find air-gapped networks and other systems. The idea remains the same, though. The air-gapped computer or system has no contact with the world other than physical access by an authorized person or people.
The term comes from the idea that there is a gap between your computer and the internet, which is filled with air. The other term for it is “air wall,” which is better than this conceptual air gap as you can imagine a wall of nothing separating your computer from everything else.
The reasoning is most threats come from the internet, no matter if it’s a targeted cyberattack or just the office idiot downloading dodgy files onto their work computer. By closing this connection, you prevent hazards from reaching you. After all, if you know your tap water has a bug in it, you wouldn’t drink it.
Downsides to an Air-Gapped Computer System
Of course, you can already see a downside. Humans need water to live and computers need the internet to reach their full potential. Imagine a computer that is not in any way connected to the internet. You couldn’t check your email, you couldn’t watch Netflix, you wouldn’t even be able to read this article.
While air gaps are a great way to keep a computer network secure, they hobble productivity. For example, you can’t do research online, nor can you send a quick email to a colleague in another facility.
If you need information from an air-gapped computer, you’ll have to read it from the screen and remember it, write it down or use a wired printer. To transfer data, you’ll have to use some kind of removable media, like a USB drive or, if you want to go really old school, a floppy disk.
Usually, to further improve security, air-gapped systems and their users are also physically isolated, so it’s not like you can send a quick email using a nearby mobile phone. The whole objective is to make sure no one but authorized personnel can get to the system at no risk of contamination — your malware-laden mobile is a definite risk.
Who Uses Air-Gapped Computers & Systems?
As you can imagine, these draconian measures are reserved for extremely high-risk systems. Not only is setting up an air-gapped network or computer a big undertaking, making sure it stays secure is a big investment of time and effort. As such, you can expect them in institutions and organizations that need the security and can work around the drawbacks.
The first example that springs to mind are high-security environments like spy agencies — cue the Mission Impossible music. Most national security organizations likely have air-gapped computers where vital information is stored, probably behind some maximum security checkpoints.
Another section of public life you probably don’t want to be at risk of internet hackers is vital infrastructure. This can include aviation computers as well as systems that maintain water quality or regulate the electric grid.
Financial computer systems are also a good candidate for the air-gap treatment. Many of the algorithms used by hedge funds and the like are proprietary and secret, so keeping them safe from prying eyes is likely a priority.
In short, odds are any organization that needs high-level security and can afford the workarounds is using an air-gapped PC somewhere in its system. From industrial control systems to computerized medical equipment, if there’s a risk of an outside hack, there’s a chance it’s been air-gapped.
Can Air-Gapped Computers Be Breached?
As secure as air-gapped systems are, they’re not invulnerable. It’s just harder to breach one than a networked system. Instead of using remote attacks, the trick to hacking an air-gapped network is to gain physical access to it.
Because of this, securing air-gapped systems is less about cybersecurity than about real-world security — with some caveats. For example, you should still encrypt your hard drive and set up system passwords.
Beyond that, the main dangers for air-gapped computers are theft and burglary, plus their more devious counterpart social engineering, where people talk their way into accessing your machine.
However they do it, unauthorized people could gain access to your machine and tamper with it. Maybe they’re just inserting a virus that will corrupt data, maybe they’re copying files. In either case, you want to make sure you set the air-gapped system up in such a way that nobody can get to it.
How To Set Up an Air-Gapped System
Technically, air-gapping a machine is as easy as unplugging it from the internet. Especially if you’re just using it at home, there’s not much more you need to do. Keep your files safe on that machine and only use USB thumb drives to transfer data off it. You should try to avoid data transfer to the machine as an infected USB device could ruin the cleanliness of the computer.
Of course, to prevent access by people who want to breach air-gapped computers, you may also want to have physical security in place. You could institute physical separation, for instance, by keeping the air-gapped computer away from your networked ones. An old laptop is a prime candidate for this.
Considerations for Your Air-Gapped System
The main concerns when you’ve set up an air gap are to make sure nobody gets near it unless they have to and nobody connects it to the internet for any reason. As such, you may want to disable internet connectivity by disabling WiFi or gumming up the ports.
Besides that, you may want to keep the existence and location of your air-gapped computer a secret. After all, if nobody knows about it, it can’t be accessed. If somebody needs to know the device exists, tell them. If no one does, don’t say a word.
It also pays to keep the computer behind lock and key. If it’s in your home, this may be a small chest or box with a lock on it, but if it’s at a company, you may want to be more thorough and put more serious security measures in place. As with big institutional players like above, think of security doors and big guys with guns.
In the end, though, keeping an air-gapped network secure is far less work than one connected to the internet. It’s a matter of controlling access more than anything.
Final Thoughts: Air-Gapped Networks
Despite its impracticality, air-gapping will likely be used for many years to come as it greatly reduces the headache associated with keeping sensitive information secret. No matter if it’s your ideas for a novel or a novel algorithm, keeping it on a computer system that’s not connected to a network is a great way to keep it away from prying eyes.
What do you think of air-gapping? Have you set up an air gap yourself? Do you think it’s worth the hassle, or are there more expedient ways to guarantee security? Let us know in the comments below and, as always, thank you for reading.