Air-Gapped Isolation
- Some hosts are so security-critical that it is unsafe to connect them to any type of network, e.g.,
  - root certification authority in PKI
  - host used to analyze malware execution
Air-gapping is a type of network isolation that physically separates a host from other hosts, or a network from all other networks.
- possible to configure an air-gapped network
  - means that hosts within the air-gapped network can communicate
  - but there is no connection to any other network
- used by military, government, industrial facilities, etc.
- incurs significant management challenges
  - device administration has to be performed at a local terminal
  - updates or installs have to be performed using USB or optical media
    - media is a potential attack vector
    - must be scanned before use
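One check a transfer station can run on update media before it reaches the air-gapped side, alongside malware scanning. This is an added example, not part of the original notes; it assumes a manifest of SHA-256 hashes for the expected files was obtained separately from the media, and the names `check_media` and `media_ok` are hypothetical.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large update images do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_media(root, manifest):
    """Compare files under root with manifest {relative_path: sha256_hex}."""
    report = {"mismatch": [], "unexpected": [], "missing": [], "not_regular": []}
    seen = set()
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                report["not_regular"].append(rel)   # never follow links off the media
            elif os.path.isfile(full):
                seen.add(rel)
                if rel not in manifest:
                    report["unexpected"].append(rel)  # file nobody asked to transfer
                elif sha256_file(full) != manifest[rel].lower():
                    report["mismatch"].append(rel)    # content changed in transit
            elif not os.path.isdir(full):
                report["not_regular"].append(rel)   # device node, FIFO, socket
    report["missing"] = [p for p in manifest if p not in seen]
    return {k: sorted(v) for k, v in report.items()}

def media_ok(report):
    """Accept the media only when every finding list is empty."""
    return not any(report.values())

if __name__ == "__main__":
    # Constructed sample: a temp directory stands in for the mounted media.
    with tempfile.TemporaryDirectory() as media:
        with open(os.path.join(media, "update.bin"), "wb") as f:
            f.write(b"constructed update payload")
        with open(os.path.join(media, "unlisted.bin"), "wb") as f:
            f.write(b"constructed extra file")
        manifest = {"update.bin": hashlib.sha256(b"constructed update payload").hexdigest()}
        report = check_media(media, manifest)
        print(report, "ACCEPT" if media_ok(report) else "REJECT")
```

A hash match only shows the files are the ones that were expected, so it complements the scan rather than replacing it.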