Jumping Air Gaps

 

There are all sorts of viruses, worms, and malware out in the world, and some of us have had to deal with them at different points in our career. SQL Slammer was particularly memorable for me, but there were plenty of non data related virus issues I’ve had to work on at various employers.

To keep sensitive information safe, many high security environments have built air-gapped computers, where these systems aren’t connected to a network, or at least not a general network in an organisation, and certainly can’t access the Internet. At home, you could think of this as an older computer with no network card, or even a spare laptop with a broken network radio. To get information to/from this computer, you’d use some sort of removable media.

Apparently there are concerns about malware being able to jump this air gap, using the removable media. Nothing terribly new here, as infected USB sticks have been a concern for years, but this appears to be a twist and apparently the malware waits for a chance to send information off to a receiver.

If your system is truly air gapped, then there might not be a way for this information to be ever be copied, but what if that isn’t the goal. Imagine ransomware uses this technique and infects database backups. If you have an offline place for backups, could a copy of a new backup infect other backups? With separate tapes this isn’t an issue, but if you use some sort of part-time connection to move data, this could be an issue.

I’m always wary of online backups or even live copies of data. I know many large systems find tape unusable and impractical, but I know that having physical copies of tapes ensured some level of security for my backups.

The creativity of malicious actors and the threat vectors they devise are scary and incredibly hard to guard against. I don’t know what the best solution is for data and database backups, but I certainly hope that someone smarter than me is working on the problem.

Steve Jones

Listen to the podcast at Libsyn, Stitcher or iTunes.

About way0utwest

Editor, SQLServerCentral
This entry was posted in Editorial and tagged . Bookmark the permalink.