What is an Air-Gapped Network?

An air-gapped network is an internal computer network that is completely isolated from the outside Internet, with no inbound or outbound traffic at all. Typically, the reasons are either physical security or high data confidentiality requirements. Some prominent examples of air-gapped networks include national security actors such as defense, government, and military bodies, as well as critical infrastructure entities that provide energy, water utilities, and other enabling services.

Organizations of these types strive to segregate their most sensitive network segments entirely, so they are cut off from any Internet connection. The notion behind air-gapping a network is to reduce its attack surface to the bare minimum and ensure that no malicious traffic makes its way inside. It should be noted, however, that given today's increased connectivity, very few networks are truly 100% gapped with no interaction at all. The more common reality is a 'mostly air-gapped' network that maintains highly controlled external connections for software updates, third-party contractor access, and similar needs.

What Attacks Does an Air-Gapped Network Face?

While an air-gapped network's attack surface is indeed reduced, that doesn't make it immune to cyberattacks. Moreover, while air-gapping makes an attacker's initial access much harder, it has no effect on the network's resilience to post-compromise actions such as lateral movement and subsequent malware execution.

In fact, its segregation from external sources such as threat intelligence feeds or centralized cloud-based threat analysis makes an air-gapped network more vulnerable than a regular one to such post-compromise attacks.

The MFA Challenge for Air-Gapped Networks

The most pressing security issue within an air-gapped network is malicious access to its computers and servers. Such access can be carried out directly by a malicious insider or through lateral movement. Either way, defending against such a scenario requires hardening the authentication requirements beyond a mere username and password. But how can you employ an MFA solution if there is no outbound connectivity?

The Solution: Hardware-Based Access Tokens

The common practice for air-gapped networks to overcome this barrier is to use physical hardware security tokens in place of the standard mobile devices, which require Internet connectivity.

This adds another requirement: resilience to both advanced and traditional phishing attacks, which makes FIDO2 the preferred standard for hardware tokens. However, FIDO2 doesn't natively fit many networks that weren't designed to work with the specific protocols it supports, leaving them outside the scope of this protection. Learn how Silverfort solves this problem.
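As an added illustration (not code from this page or from Silverfort), the relying-party side of a FIDO2 login checked entirely offline: it needs only the RP ID and the public key registered at enrollment, and the origin/rpIdHash binding is what defeats phishing. The RP ID, origin and every sample value are constructed assumptions.

```python
import hashlib
import json
import struct

# Constructed values: an internal relying party (RP) inside the air-gapped network.
# Assumption: the web service is reachable at this origin and uses this RP ID.
RP_ID = "intranet.example"
EXPECTED_ORIGIN = "https://intranet.example"

FLAG_UP = 0x01  # user present (touch)
FLAG_UV = 0x04  # user verified (PIN/biometric on the token)


def build_auth_data(rp_id, flags, sign_count):
    """Lay out authenticatorData the way a FIDO2 token does (constructed helper):
    SHA-256(rpId) | flags | 32-bit big-endian signature counter."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)


def client_data(challenge, origin=EXPECTED_ORIGIN):
    """Build the clientDataJSON the browser sends alongside the assertion."""
    return json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": origin})


def check_assertion(auth_data, client_data_json, challenge, stored_sign_count):
    """Offline relying-party checks on a FIDO2 assertion. Returns (ok, reason).
    The remaining step, verifying the signature over auth_data || SHA-256(client_data_json)
    with the public key stored at registration, also needs nothing but that stored key."""
    if len(auth_data) < 37:
        return False, "authenticatorData too short"
    rp_id_hash, flags = auth_data[:32], auth_data[32]
    sign_count = struct.unpack(">I", auth_data[33:37])[0]
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if client.get("challenge") != challenge:
        return False, "challenge mismatch (replayed assertion)"
    # Origin and rpIdHash are filled in by the browser and token for the site actually
    # visited; a look-alike domain yields different values, so the login fails.
    if client.get("origin") != EXPECTED_ORIGIN:
        return False, "origin mismatch (phished login)"
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch (phished login)"
    if not flags & FLAG_UP or not flags & FLAG_UV:
        return False, "user presence/verification not asserted"
    # The counter must move forward; a stalled counter suggests a cloned token.
    if sign_count != 0 and sign_count <= stored_sign_count:
        return False, "signature counter did not increase (cloned token?)"
    return True, "ok"
```

None of these checks contact anything outside the network; the challenge is generated locally and the comparison values are stored locally at registration time.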

Frequently Asked Questions

  • Can an air-gapped network be hacked?

    Although it's not impossible to hack an air-gapped network, it is much more difficult, and far less likely to succeed, than attacking a network that is connected to the Internet or to other external networks.

    With the increasing sophistication of attackers, it's important for organizations that use air-gapped networks to have a robust security strategy in place to detect and respond to potential breaches.

  • How are air-gapped networks breached?

    There are several methods that can be used to breach an air-gapped network, such as:

    1. Physical attacks: An attacker can gain physical access to a computer or device on an air-gapped network and install malware or steal sensitive information. This can include accessing the computer through unsecured ports, installing keyloggers, or using other methods to gain access to the machine.
    2. Social engineering: An attacker can use social engineering techniques to trick an employee into installing malware or providing sensitive information. This can include phishing emails, pretexting, or baiting.
    3. Side-channel attacks: An attacker can use techniques such as power analysis or electromagnetic emanations to extract sensitive information from an air-gapped network.
    4. Supply Chain attack: An attacker can compromise software or hardware components while they are being manufactured or during their distribution.
    5. Air-gap jumping: An attacker can use techniques such as USB drives, NFC, or other means to jump the air-gap and infect the isolated network.
    6. Malicious insiders: Employees or contractors with access to the air-gapped network can intentionally or unintentionally introduce malware or steal sensitive data.

  • What is the advantage of an air gap?

    The main advantage of an air-gapped network is that it is much more difficult, and far less likely, to be successfully hacked than a network that is connected to the Internet or to other external networks.

    Some of the advantages of air-gapped networks include:

    1. Increased security: Air-gapped networks are considered to be more secure than other types of networks because they are physically isolated from other networks and the internet. This makes it much more difficult for attackers to gain access to the network and steal sensitive information.
    2. Protection against malware: An air-gapped network is also protected against malware that spreads through the Internet, such as worms and viruses. Because the network is not connected to the Internet, it is not directly exposed to these types of threats.
    3. Protection against data leakage: Air-gapped networks can also help to protect against data leakage, which is the unauthorized exfiltration of sensitive data. Because the network is not connected to the internet, it is much more difficult for data to be leaked out of the network.
    4. Compliance: Air-gapped networks can be used to meet certain compliance requirements, such as the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA), that require sensitive data to be stored and processed in a secure environment.