GSM: Airgap Update
The Airgap feature makes it possible to use one GSM connected to the Internet to update additional GSMs which may be located in an secure area and not connected to the Internet. Using the Airgap feature, GSMs not connected to the Internet are able to use a recent version of the Greenbone Security Feed and to receive new versions of the Greenbone OS.
In the following guide, the GSM connected to the Internet will be referred to as the Airgap-Master, while GSMs not connected to the Internet will be referred to as Airgap-Slaves.
The transfer via USB stick does not require any login and therfore requires no keyboard or monitor. All necessary steps are communicated via the LCD display of the GSM. The only steps in the daily business are: The responsible person walks to the Airgap-Master, pulls the USB stick and plugs it into the Airgap-Slave. After 1-2 minutes the stick is placed back into the Airgap-Master. Optionally the USB stick can be handled by a USB stick security gate as part of the transfer.
The Airgap feature is available starting with Greenbone OS 2.1.0.
Please note that use of the Airgap feature is only possible with a specially prepared USB flash drive. Please contact the technical support (see Contact) with your customer ID to request a suitable USB flash drive.
Preparing the Airgap-Master
To use a GSM as Airgap-Master, you have to set this role in the "gos-admin-menu". To do this, select the "Airgap role" entry in the "Feed" menu and set its value to "master". Confirm this change by selecting "Commit".
Please note that this change will only affect daily updates taking place after the change. The instructions described in Updating the Airgap USB flash drive via Airgap-Master will only work after the next daily update.
Preparing the Airgap-Slave
To use a GSM as Airgap-Slave, you have to set this role in the "gos-admin-menu". To do this, select the "Airgap role" entry in the "Feed" menu and set its value to "slave". Confirm this change by selecting "Commit".
Updating the Airgap USB flash drive via Airgap-Master
In the course of the daily feed update, the Airgap-Master will now automatically create an update package and prepare it for copying to the USB flash drive. When an update package is ready, the message "Airgap Master USB Ready" will appear in the display of the GSM.
The update of the USB flash drive is automatically triggered by inserting the drive into the GSM. Once the message "ok to remove" appears in the display, it is safe to remove the device.
Updating the Airgap-Slave via the Airgap USB flash drive
The USB flash drive created using the Airgap-Master can now be used with the Airgap-Slave. By inserting the USB flash drive into the GSM, the update on the Airgap-Slave is triggered. Once the message "ok to remove" appears in the display, it is safe to remove the device. The Airgap-Slave will now process the update. Depending on the size of the update, it may take some time until the Airgap-Slave is ready to use the new and updated NVTs.