The highest level of security for a computer is an air gap. It is the only way to minimize the chances of your computer being compromised. With anything less, a dedicated hacker will somehow find a way in.
Why should I air gap my computer?
The average person doesn't need to air gap a computer. This is mainly the domain of corporations and governments. For a government, the computer could hold a confidential database, a project, or perhaps a weapons control system. For a corporation, it could hold trade secrets or financial information, or manage a production process. Activist groups may also do this to keep their work from being shut down.
You probably don't need to worry about this if you only use a home computer. However, implementing just one or two of these measures will greatly increase your security.
What is an air gap?
When you air gap a computer, only air remains between the computer and the rest of the world. Of course, since Wi-Fi came along, the meaning has changed: it now means no connection of any kind with the outside world. Nothing that is not already on the computer should be put on it. Nothing should be taken off the computer.
How do I Air Gap My Computer?
Air gapping your computer is not as easy as unplugging the network cable and turning off Wi-Fi. Remember, this is a high-value target for criminal hackers and nation-state actors (NSA) who work for foreign governments. They have money and time. In addition, they enjoy a challenge, so going after an air-gapped computer is very appealing to them.
Let’s start from the outside of the computer and go inside:
- Operational security (OpSec) is important. OpSec can be oversimplified as keeping information on a need-to-know basis. No one needs to know what is in the room, let alone what the computer is for or who is authorized to operate it. Treat it as if it doesn't exist. If unauthorized people find out about it, it becomes vulnerable to social engineering attacks.
- Make sure it is in a secure room. The room should have only one entrance, and it should be locked at all times. When you go in to work, lock the door behind you. Only authorized operators of the computer should have access. How you do this is up to you. Physical and electronic smart locks each have their pros and cons.
Beware of false ceilings. If an intruder can pop out a ceiling tile and climb over the wall, a locked door means nothing. There should be no windows either. The room's only purpose should be to house this computer. If you store other things there, someone has an opportunity to sneak in and hide a webcam, microphone, or radio frequency eavesdropping device.
- Make sure it is a safe room. That is, safe for the computer. The room should provide the ideal climate for the computer so that it lasts as long as possible. Every time an air-gapped computer breaks down and has to be disposed of, there is a chance to get information from the discarded computer.
You will also need a computer-safe fire suppression system. Anything using inert gases or halocarbons is appropriate. It must be non-destructive to the computer; otherwise a hacker might try to destroy the computer by turning on the sprinklers if possible.
- Keep all other unnecessary electronic devices out of the room. No printers, mobile phones, tablets, USB drives or key fobs. If it has a battery in it or uses electricity, it does not enter this room. Are we paranoid? No. Check out Dr. Mordechai Guri's air gap research and see what is possible.
- Speaking of USB: plug or remove any unnecessary USB ports. You may need a USB port or two for your keyboard and mouse. These devices must be locked in place and must not be removed. Any other USB port should be removed or blocked with something like a USB port blocker. Better yet, use a USB to PS/2 adapter for the keyboard and mouse, with a PS/2 keyboard and mouse. Then you don't need external USB ports at all.
- Eliminate all possible ways to create a network. Remove Wi-Fi, Ethernet, and Bluetooth hardware, or start with a computer that doesn't have them. It is not enough to simply turn off these devices. Any required network cable must be shielded. The computer may be an industrial process controller, so some cabling may be required.
- Disable all common network ports on the computer. This means ports such as 80 for HTTP, 21 for FTP and other virtual ports. If a hacker somehow physically connects to the computer, at least those ports won't be sitting there listening.
- Encrypt the hard drive. If a hacker does get to the computer, at least the data will be encrypted and useless to them.
- Shut down your computer when you do not need it, and power it off completely.
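The network items in the checklist above (no network hardware, no listening ports) can be checked rather than assumed. The following is an added example, not part of the original article; it assumes a little-endian Linux host, which the article does not specify, and the sample table and the interface name `wlan0` are constructed for illustration.

```python
"""Air-gap audit sketch for a Linux host (assumption: the article names no OS)."""
import os
import socket
import struct

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format: listeners on 0.0.0.0:80 and
# 127.0.0.1:21, plus one established connection that must be ignored.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0100007F:9C40 0100007F:0015 01 00000000:00000000 00:00000000 00000000  1000        0 1003
"""

def listening_sockets(proc_net_tcp):
    """Return sorted (ip, port) pairs for every IPv4 socket in LISTEN state."""
    found = set()
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The kernel prints the IPv4 address as a host-order hex word;
        # little-endian hardware (x86, most ARM) is assumed here.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        found.add((ip, int(hex_port, 16)))
    return sorted(found)

def audit(interfaces, proc_net_tcp):
    """List findings that contradict the checklist: extra NICs, open ports."""
    findings = [f"network interface present: {name}"
                for name in sorted(interfaces) if name != "lo"]
    findings += [f"TCP port {port} listening on {ip}"
                 for ip, port in listening_sockets(proc_net_tcp)]
    return findings

if __name__ == "__main__":
    # On a live Linux host read the real state; otherwise use the sample.
    if os.path.exists("/proc/net/tcp"):
        with open("/proc/net/tcp") as fh:
            tcp, nics = fh.read(), os.listdir("/sys/class/net")
    else:
        tcp, nics = SAMPLE_TCP, ["lo", "wlan0"]
    for finding in audit(nics, tcp) or ["no findings"]:
        print(finding)
```

An empty result covers only IPv4 TCP listeners and kernel-visible interfaces; it says nothing about the physical measures in the list.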
Is my computer safe now?
Get used to the terms acceptable risk and reasonable security. As long as there are hackers, both white hat and black hat, new ways to bridge the air gap will be developed. There are many things you can do, but when you air gap your computer, these steps are at least a good start.