📖 What is Air Gap?
An air gap is a security measure implementing physical isolation of a computer or network from all other networks, including the internet. This is achieved by physically disconnecting all communication pathways, preventing data transfer and remote access, and mitigating the risk of remote exploitation.
"The exam will test your understanding of true air gaps versus perceived isolation. A network segmented by firewalls is *not* an air gap. Understand that data can still be transferred via removable media, which is a common bypass technique. Focus on complete physical disconnection."
📚 Certification: CompTIA Security+ Certification Exam (SY0-701)
🔑 What are the Key Concepts of Air Gap?
- ▸ True air gaps involve physically disconnecting *all* network connections – wired and wireless – to eliminate network-based attack vectors.
- ▸ Removable media (USB drives, external hard drives) represent a significant vulnerability and bypass method for air gaps; policies must address this.
- ▸ Air gapping is a preventative control, aiming to stop attacks before they reach the isolated system, rather than detecting and responding.
- ▸ Air gaps are often used to protect highly sensitive systems like ICS/SCADA, classified military networks, and critical infrastructure.
- ▸ Maintaining an air gap requires strict physical security and control over all data transfer methods, including personnel access.
🎯 How does Air Gap appear on the SY0-701 Exam?
You may be asked to identify the most effective method to protect a critical system from remote exploitation, given a scenario describing a high-threat environment.
A scenario might describe a company needing to secure sensitive data that *cannot* be exposed to any external network; determine the appropriate isolation technique.
Expect questions about the limitations of air gaps and how attackers might attempt to bypass them, such as through supply chain attacks or insider threats using removable media.
❓ Frequently Asked Questions
Is network segmentation with firewalls considered an air gap?
No. Firewalls provide network security, but do not achieve the complete physical isolation required for a true air gap. A network behind a firewall is still accessible, albeit with restrictions.
What are the challenges of implementing and maintaining an air gap?
Challenges include data transfer needs, software updates, and the constant risk of bypass through removable media or malicious insiders. Strict policies and monitoring are essential.
Can an air-gapped system still be compromised?
Yes. Air gaps aren't foolproof. Attacks can occur via compromised supply chains (malware on hardware), insider threats, or through the use of removable media like USB drives.