top | item 41824674

(no title)

"Patching" is the fundamental reason airgapping isn't a sound solution, IMO. If you're a TLA you can probably find some secure, verifiable, write-only way to transfer patches to your air gapped machines. But for any normal person/organization; you'll very likely end up less secure due to how hard this is.

discuss

closeparen|1 year ago

You can use DVD-Rs to load a WSUS server for Windows or a package mirror for Linux, I’d just be surprised if many airgapped operators were keeping on top of this.

notesinthefield|1 year ago

This exactly how its done in many high security gapped environments. Once you get in a rhythm its not hard.