Air Gap

Updated on Tuesday, April 12, 2016

The latest revelations about how thoroughly the NSA, GCHQ and friends have corrupted Internet security have got Bruce Schneier recommending an air gap.

Back in the late 90's I played a small role in the fight against the UK government's trusted third party / mandatory key escrow scheme on behalf of Ç-Dilla, at around the same time as the Clinton administration was pushing the Clipper Chip. It seemed that the fight was won, but apparently after being told no the spy agencies went and found a way to do it anyway.

The starting point is terrorists, because there is nothing that can't be justified by the war on terror. But all that data just wants to be used so it gets shared with the DEA, and then the IRSAnd then LOVEINT. The implications for civil liberties and the economy aren't great but they're probably not the worst fallout.

The ending point is probably terrorists as well. Because by opening up back doors and sneaking weaknesses into the algorithms that we depend on for security we've opened up holes for the bad guys to exploit. Bad enough that your local nuclear power station is hooked up to the Internet but now we know the VPN and the Firewall that should be keeping it safe have been fatally compromised.

If we really wanted to save the most possible lives then the billions being sunk into the NSA would be better spent developing self-driving cars.

Add your comment...

Related Posts

You Might Also Like

(All Politics Posts)

politics, nsa, encryption

| by on 2013-09-08 | 2 Comments

Comments

Ronald Duncan

Air gaps are cheap and easy to implement provided you do not need to connect to external networks.

Our old method was to remove the coms ports from the motherboard soldering iron, and store the hard drive in a safe when the isolated PC was not attended, and rekey any data required, or have a secure way of transferring data from a physical medium to the pc. The problem is that floppy disks, USB key fobs etc etc have a habit of getting infected.

Fiber optic network and 3 meter air gaps between networks works well if you have to network a group of PC's together, with a dedicated PC for transferring data between networks e.g. back up email from one network transfer validate and then load onto the other network to get over the airgap. Data diodes and message pumps now make this easier, but you need to log and validate all cross traffic.

Unless you are working on military projects this is all over the top, but the problem was solved decades ago when we had serious adversaries in the form of the USSR etc.

| by Ronald Duncan on Tuesday, April 12 2016
Colin Robbins
While Air-Gaps are a good conceptual solution, in practice beyond Schneier's single PC example, they are very hard to achieve. There is nearly always a backdoor to be found somewhere than an attacker can exploit. Opinion is divided, as can be seen of various discussion groups about air-gaps, as to how to sovle the issue if you do need true network seperation. A report attributed to NIST suggests that when they investigated industrial control systems that claimed to be air-gapped, they infact found on average 7 connections. My perspective is the various backdoors are typcially there because someone or some process needed access for some ad-hoc purpose. Often remote maintainence. The issue occurs becuse the person or process has a need, and the front door is shut, so they implement a backdoor. So I argue it makes better sence to have a controlled front door, in which legitimate access can be granted to a specific business process on an as-needs basis. If the security assurance of the perceived air-gap is needed, the an option to consider is a data diode to ensure data only flows one way. These issues are explored further in my blog article on the subject: http://cybermatters.info/2013/04/16/network-segregation/
| by Colin Robbins on Tuesday, October 8 2013

Add Comment

All comments are moderated. Your email address is used to display a Gravatar and optionally for notification of new comments and to sign up for the newsletter.

I Thought He Came With You is Robert Ellison's blog.

Newsletter

Related

Securing the Internet of Things

More on breaking the Internet — I finally got round to actually reading SOPA and PIPA. I make my living from intellectual property, it's my hobby as well. I also used to work at Macrovision, at the time the leading anti-piracy company for Hollywood, software, music and games. I understand...

Securing the Internet of Things — We can’t trust manufactures to build secure connected devices and so routers need to be updated to solve this problem once per network. The distributed denial of service (DDOS) attack on Friday, October 21 was apparently caused by dodgy webcams....

Routers to defend against rogue IoT devices — A few months ago I wrote about my cunning plan to stop Internet of Things botnets: stop them at the router. It's just possible that these were in the works before that post but Symantec, BitDefender and Intel unveiled router level IoT...

Popular Posts

Export Google Fit Daily Steps, Weight and Distance to a Google Sheet

Accessing Printer Press ESC to cancel

Is it safe to open securedoc.html (Cisco Registered Envelope)?

Migrating a C# Integration from GA3 to GA4

Upgrading from word2vec to OpenAI

User scoped custom dimensions in Google Analytics 4 using gtag

Monitor page index status with Google Sheets, Apps Script and the Google Search Console API

Reading and Writing Office 365 Excel from a Console app using the Microsoft.Graph C# Client API

Sending email via GMail in C#/.NET using SmtpClient

Enable GZIP compression for Amazon S3 hosted website in CloudFront

Recent Posts

ITHCWY Newsletter for May 2023

10 Electoral College Votes Closer

Reviews for May 2023

Hold It

Give your stupid niche kids app a useful name please!

Catfood WebCamSaver 3.31

Coronation

Shipping a website in a day with Generative AI

Blogging on reMarkable

3D Printing a Window Mount for a Google Nest Indoor Wired Gen 2 Camera

Recent Tags