What is air gapping? - Definition from WhatIs.com
Part of the Network security glossary:

Air gapping is a security measure that involves isolating a computer or network and preventing it from establishing an external connection. 

An air gapped computer is physically segregated and incapable of connecting wirelessly or physically with other computers or network devices. To to prevent unauthorized data extrusion through eletromagnetic or electronic exploits, there is often a specified amount of space between the air gapped system and outside walls and between its wires and the wires for other technical equipment.

The U.S. National Security Agency TEMPEST project provides recommendations for air-gapping security measures. For a system with extremely sensitive data, a Faraday cage can be used to prevent electromagnetic radiation (EMR) escaping from the air-gapped equipment. Although these measures seem extreme, van Eck phreaking can be used to intercept data such as key strokes or screen images from demodulated EMR waves, using special equipment from some distance away. Other proof-of-concept (POC) attacks for air gapped systems have shown that electromagnetic emanations from sound cards on isolated computers can be exploited and continuous wave irradiation can be used to reflect and gather information from isolated screens, keyboards and other computer components. Acoustical infections have been demonstrated that will transmit data from an infected air gapped computer over ultrasonic frequencies to computers outside the air gap. 

Air-gapping is used in the military, government and financial systems like stock exchanges. The measures are also used by reporters, activists and human rights organizations working with sensitive information. Air gapping can also be used to maintain a stable software environment for sensitive application development. Some very simple computerised control mechanisms are also air gapped -- in this case because they are self-contained and simply do not require outside control. Examples include computerised thermostats that regulate heating and cooling, sprinkler systems, nuclear equipment and engine control units.

The software-defined perimeter (SDP) framework is sometimes referred to as a method of virtual air gapping. SDP requires authentication of all external endpoints attempting to access internal infrastructure and ensures that only authenticated systems can see internal IP addresses. 

This was last updated in November 2015
Contributor(s): Matthew Haughn
Posted by: Margaret Rouse

Related Terms

Definitions

  • Smurf Suite

    - The Smurf Suite is a collection of smartphone hacking and spyware tools that can remotely activate iPhones and Android devices and collect user data through eavesdropping and data access. According... (WhatIs.com)

  • leaky app

    - A leaky app is a small software program – typically a mobile app – that transmits user data across the Internet. The issue is compounded in a BYOD (bring your own device) environment, where employe... (WhatIs.com)

  • asymmetric cryptography

    - Asymmetric cryptography, also called public key cryptography, uses a pair of numerical keys that are mathematically related to encrypt and decrypt data. (SearchSecurity.com)

Glossaries

  • Network security

    - Terms related to network security, including definitions about intrusion prevention and words and phrases about VPNs and firewalls.

  • Internet applications

    - This WhatIs.com glossary contains terms related to Internet applications, including definitions about Software as a Service (SaaS) delivery models and words and phrases about web sites, e-commerce ...

Ask a Question. Find an Answer.Powered by ITKnowledgeExchange.com

Ask An IT Question

Get answers from your peers on your most technical challenges

Ask Question

Tech TalkComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.