Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Bruce Schneier on the good, old air gap

Nathan Loofbourrow njloof at gmail.com
Mon Oct 7 13:29:43 PDT 2013


Perhaps not every device, but maybe just one device you use for reading encrypted mail and the like. It could be a Raspberry Pi you carry in a knapsack, or something.

n

> On Oct 7, 2013, at 12:14, yersinia <yersinia.spiros at gmail.com> wrote:
> 
>> On Mon, Oct 7, 2013 at 5:16 PM, Eugen Leitl <eugen at leitl.org> wrote:
>> 
>> http://www.wired.com/opinion/2013/10/149481/
>> 
>> Want to Evade NSA Spying? Don’t Connect to the Internet
>> 
>> BY BRUCE SCHNEIER 10.07.13 6:30 AM
>> 
>> Photo: Ariel Zambelich / WIRED; Illustration: Ross Patton / WIRED
>> 
>> Since I started working with Snowden’s documents, I have been using a number
>> of tools to try to stay secure from the NSA. The advice I shared included
>> using Tor, preferring certain cryptography over others, and using
>> public-domain encryption wherever possible.
>> 
>> I also recommended using an air gap, which physically isolates a computer or
>> local network of computers from the internet. (The name comes from the
>> literal gap of air between the computer and the internet; the word predates
>> wireless networks.)
>> 
>> But this is more complicated than it sounds, and requires explanation.
>> 
>> Since we know that computers connected to the internet are vulnerable to
>> outside hacking, an air gap should protect against those attacks. There are a
>> lot of systems that use — or should use — air gaps: classified military
>> networks, nuclear power plant controls, medical equipment, avionics, and so
>> on.
>> 
>> Osama Bin Laden used one. I hope human rights organizations in repressive
>> countries are doing the same.
>> 
>> Air gaps might be conceptually simple, but they’re hard to maintain in
>> practice. The truth is that nobody wants a computer that never receives files
>> from the internet and never sends files out into the internet. What they want
>> is a computer that’s not directly connected to the internet, albeit with some
>> secure way of moving files on and off.
>> 
>> But every time a file moves back or forth, there’s the potential for attack.
>> 
>> And air gaps have been breached. Stuxnet was a U.S. and Israeli
>> military-grade piece of malware that attacked the Natanz nuclear plant in
>> Iran. It successfully jumped the air gap and penetrated the Natanz network.
>> Another piece of malware named agent.btz, probably Chinese in origin,
>> successfully jumped the air gap protecting U.S. military networks.
>> 
>> These attacks work by exploiting security vulnerabilities in the removable
>> media used to transfer files on and off the air gapped computers.
>> 
>> Bruce Schneier is a security technologist and author. His latest book is
>> Liars and Outliers: Enabling the Trust Society Needs to Survive.
>> 
>> Since working with Snowden’s NSA files, I have tried to maintain a single
>> air-gapped computer. It turned out to be harder than I expected, and I have
>> ten rules for anyone trying to do the same:
>> 
>> 1. When you set up your computer, connect it to the internet as little as
>> possible. It’s impossible to completely avoid connecting the computer to the
>> internet, but try to configure it all at once and as anonymously as possible.
>> I purchased my computer off-the-shelf in a big box store, then went to a
>> friend’s network and downloaded everything I needed in a single session. (The
>> ultra-paranoid way to do this is to buy two identical computers, configure
>> one using the above method, upload the results to a cloud-based anti-virus
>> checker, and transfer the results of that to the air gap machine using a
>> one-way process.)
>> 
>> 2. Install the minimum software set you need to do your job, and disable all
>> operating system services that you won’t need. The less software you install,
>> the less an attacker has available to exploit. I downloaded and installed
>> OpenOffice, a PDF reader, a text editor, TrueCrypt, and BleachBit. That’s
>> all. (No, I don’t have any inside knowledge about TrueCrypt, and there’s a
>> lot about it that makes me suspicious. But for Windows full-disk encryption
>> it’s that, Microsoft’s BitLocker, or Symantec’s PGPDisk — and I am more
>> worried about large U.S. corporations being pressured by the NSA than I am
>> about TrueCrypt.)
>> 
>> 3. Once you have your computer configured, never directly connect it to the
>> internet again. Consider physically disabling the wireless capability, so it
>> doesn’t get turned on by accident.
>> 
>> 4. If you need to install new software, download it anonymously from a random
>> network, put it on some removable media, and then manually transfer it to the
>> air gapped computer. This is by no means perfect, but it’s an attempt to make
>> it harder for the attacker to target your computer.
>> 
>> 5. Turn off all auto-run features. This should be standard practice for all
>> the computers you own, but it’s especially important for an air-gapped
>> computer. Agent.btz used autorun to infect U.S. military computers.
>> 
>> 6. Minimize the amount of executable code you move onto the air-gapped
>> computer. Text files are best. Microsoft Office files and PDFs are more
>> dangerous, since they might have embedded macros. Turn off all macro
>> capabilities you can on the air-gapped computer. Don’t worry too much about
>> patching your system; in general, the risk of the executable code is worse
>> than the risk of not having your patches up to date. You’re not on the
>> internet, after all.
>> 
>> 7. Only use trusted media to move files on and off air-gapped computers. A
>> USB stick you purchase from a store is safer than one given to you by someone
>> you don’t know — or one you find in a parking lot.
>> 
>> 8. For file transfer, a writable optical disk (CD or DVD) is safer than a USB
>> stick. Malware can silently write data to a USB stick, but it can’t spin the
>> CD-R up to 1000 rpm without your noticing. This means that the malware can
>> only write to the disk when you write to the disk. You can also verify how
>> much data has been written to the CD by physically checking the back of it.
>> If you’ve only written one file, but it looks like three-quarters of the CD
>> was burned, you have a problem. Note: the first company to market a USB stick
>> with a light that indicates a write operation — not read or write; I’ve got
>> one of those — wins a prize.
>> 
>> 9. When moving files on and off your air-gapped computer, use the absolute
>> smallest storage device you can. And fill up the entire device with random
>> files. If an air-gapped computer is compromised, the malware is going to try
>> to sneak data off it using that media. While malware can easily hide stolen
>> files from you, it can’t break the laws of physics. So if you use a tiny
>> transfer device, it can only steal a very small amount of data at a time. If
>> you use a large device, it can take that much more. Business-card-sized
>> mini-CDs can have capacity as low as 30 MB. I still see 1-GB USB sticks for
>> sale.
>> 
>> 10. Consider encrypting everything you move on and off the air-gapped
>> computer. Sometimes you’ll be moving public files and it won’t matter, but
>> sometimes you won’t be, and it will. And if you’re using optical media, those
>> disks will be impossible to erase. Strong encryption solves these problems.
>> And don’t forget to encrypt the computer as well; whole-disk encryption is
>> the best.
>> 
>> One thing I didn’t do, although it’s worth considering, is use a stateless
>> operating system like Tails. You can configure Tails with a persistent volume
>> to save your data, but no operating system changes are ever saved. Booting
>> Tails from a read-only DVD — you can keep your data on an encrypted USB stick
>> — is even more secure. Of course, this is not foolproof, but it greatly
>> reduces the potential avenues for attack.
>> 
>> Yes, all this is advice for the paranoid. And it’s probably impossible to
>> enforce for any network more complicated than a single computer with a single
>> user. But if you’re thinking about setting up an air-gapped computer, you
>> already believe that some very powerful attackers are after you personally.
>> If you’re going to use an air gap, use it properly.
>> 
>> Of course you can take things further. I have met people who have physically
>> removed the camera, microphone, and wireless capability altogether. But
>> that’s too much paranoia for me right now.
> 
> I like  Bruce much, i have read all of him, every book, mostly article, from years. But no normal person would follow these advice, all smartphones should be turned off, each tablet, and every pc should be turned in a anonyomous client of an anonymous network. Sure, who believe in the paranoia model definitely find comfort in these indications, for example i am one. But those who follow this model, really, are following it also not in only the cyberspace, but also in the real life, every day ? Really? Internet is perhaps evil but perhaps also our world is not so a sane and secure place, sometime (or every time, depend).
> 
> Best
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20131007/f44d4a37/attachment.html>


More information about the liberationtech mailing list