Air gap (networking)

From Wikipedia, the free encyclopedia

In Internet Protocol networking, an air gap specifically refers to a physical separation of two devices or networks. It is most recognizable in the time-honored configuration known as "sneaker-net" where the only connection between two devices or networks is via a human being providing media-switching, i.e.; floppies, CDs, USB drives, or connection/disconnection of network connections. The term derives from the fact that such networks have historically not had any physical connection to each other. However, it does apply to wireless networks; two logical networks which do not intersect, but travel over air (thus having no physical connection) are still airgapped.

In environments where networks or devices are Classified at different levels, the two (dis)-connected devices/networks are referred to as "low side" and "high side,", low being unclassified and high referring to classified, or classified at a higher level. This is also occasionally referred to as Red (classified) and black (unclassified). In order to move data from the high side to the low side, it is necessary to write data to a physical medium, and move it to a device on the latter network. Convention and consensus per policy is generally that data can move low-to-high with minimal processes while high-to-low requires much more stringent procedures to ensure protection of the data at a higher level of classification.

The concept represents the maximum protection one network can have from another (save turning the device off). It is not possible for packets or datagrams to "leap" across the air gap from one network to another.

The references below refer to but two of a very many different networks utilized within the U.S. Government.

[edit] See also