Week 9b: Building Airgapped Systems & Data Transfer
Goal Build a functional airgapped system and learn secure methods for transferring data to and from it without network connectivity. Prerequisites: Week 9a (Physical Security Fundamentals) This is Part 2 of 3 - Covers system setup and data transfer workflows. 1. Building Your Airgapped System Operating System Setup Recommended: Minimal Debian or Arch # Create bootable USB installer (on networked machine) dd if=debian-netinst.iso of=/dev/sdX bs=4M status=progress # Boot target airgap machine from USB # During installation: # - Do NOT configure network (skip this step) # - Enable full-disk encryption (LUKS) # - Set strong passphrase (20+ characters) # - Minimal package selection (no desktop if CLI-only) Post-Install Hardening # 1. Verify no network interfaces active ip link show # Should show only 'lo' (loopback) - no eth0, wlan0, etc. # 2. Disable all network services permanently sudo systemctl disable NetworkManager sudo systemctl mask NetworkManager sudo systemctl disable systemd-networkd sudo systemctl mask systemd-networkd sudo systemctl disable bluetooth sudo systemctl mask bluetooth # 3. Remove network packages (optional, extreme) sudo apt purge network-manager wpasupplicant bluetooth bluez # 4. Verify networking is truly disabled sudo systemctl list-units --type=service --state=running | grep -i net # Should return nothing # 5. Set BIOS password to prevent boot order changes # (Enter BIOS setup during boot, varies by manufacturer) 2. Secure Data Transfer Methods Option 1: QR Code Transfer (Small Text Data) When to use: GPG public keys, Bitcoin addresses, short messages, signatures ...