← Back to glossary

Physical isolation of a system from untrusted networks to reduce remote attack surface.

Definition

An air gap is a security control where a system is not connected (directly or indirectly) to external networks. Data transfer is controlled (e.g., via removable media) and must be managed to prevent bridge attacks.

In plain English Physical isolation of a system from untrusted networks to reduce remote attack surface.

Why this matters

Why it matters: It reduces exposure to remote exploitation, but operational processes (USB handling, updates) become the primary risk.

Example

Example: Keep signing keys on an air‑gapped machine and transfer only signed artifacts through a controlled, scanned channel.