When it comes to vectors of attach on computer systems, it pay to take layered approaches to computer security.
Firewalls can stop some traffic before it gets on your network.
Proxy servers can control outbound traffic, and sense when a local computer is sending data to a remote computer it shouldn’t.
Anti-virus and anti-malware products can help detect and eliminate bad software when it makes it to your computer. These are common tactics and – taken in concert – work well to protect most systems.
Some people take things a step further and completely isolate computers from their local network and/or the Internet itself. This physical isolation is called “air gapping”. The idea is that if there’s no network, there’s no way for a virus or other malware to infect the system. But there is a trade off in the loss of end-to-end connectivity resulting in a decline in productivity and efficiency within your processes.
Unfortunately, another issue that’s often overlooked is the “sneakernet”.
“Sneakernet” is what we used to call the process of installing an application on – or moving data between – multiple computers by walking over to them (in our sneakers) with floppy disks.
Today, sneakernets are alive and well in places where computers are air gapped. Though we tend to use USB drives and CDs rather than floppy disks.
The problem with sneakernets is that they’re often overlooked as vectors for attack. Thumb drives, and other USB devices (like iPods, cell phones, and digital cameras) can be infected – or carry infected data – and transmit those infections to systems that would be otherwise immune to attack.
In other words, air gapping a computer can provide a false sense of security. It’s easy to defeat the very protection air gapping is intended to provide.
If you run an air-gapped system, be cognizant of how you install software and move data to and from it. Make sure you have policies in place to provide connectivity for registering software, use vetted devices; and make sure your anti-virus product(s) can scan USB, CD, and DVD devices.
Image courtesy of ddpavumba at FreeDigitalPhotos.net