Xkcd dating profile

It successfully jumped the air gap and penetrated the Natanz network.

xkcd dating profile-68

So if you use a tiny transfer device, it can only steal a very small amount of data at a time.

If you use a large device, it can take that much more. Consider encrypting everything you move on and off the air-gapped computer.

It turned out to be harder than I expected, and I have ten rules for anyone trying to do the same: 1.

When you set up your computer, connect it to the Internet as little as possible.

Since we know that computers connected to the Internet are vulnerable to outside hacking, an air gap should protect against those attacks.

There are a lot of systems that use -- or should use -- air gaps: classified military networks, nuclear power plant controls, medical equipment, avionics, and so on. I hope human rights organizations in repressive countries are doing the same.

(The ultra-paranoid way to do this is to buy two identical computers, configure one using the above method, upload the results to a cloud-based anti-virus checker, and transfer the results of that to the air gap machine using a one-way process.) 2.

Install the minimum software set you need to do your job, and disable all operating system services that you won't need.

Note: the first company to market a USB stick with a light that indicates a write operation -- not read write; I've got one of those -- wins a prize. When moving files on and off your air-gapped computer, use the absolute smallest storage device you can. If an air-gapped computer is compromised, the malware is going to try to sneak data off it using that media.

While malware can easily hide stolen files from you, it can't break the laws of physics.

Air gaps might be conceptually simple, but they're hard to maintain in practice.

Tags: , ,