Ozeki Chat Server in an Air Gapped LAN

In an era where data security is paramount, the implementation of an air-gapped chat system within a Local Area Network (LAN) offers unparalleled security for communication needs. Physically detached from external networks and the internet, this system guarantees an exceptionally high level of protection against remote hacking or cyberattacks. Within this closed environment, communication is confined to local connections or secure channels, ensuring that sensitive information remains shielded from external threats. In this lecture you will learn how to use Ozeki Chat Server technology to set up an air-gapped chat system. If you would like your chat system to be accessible by clients over the Internet, this configuration is not for you (in that case, check out the other on-premises configurations for your chat server).

Introduction

A Local Area Network (LAN) is a network that connects computers and devices within a limited geographical area, typically within a single building or campus. In a LAN environment, data transfer speeds are high, and security is relatively easier to manage compared to wide area networks (WANs). When a chat system operates on the same LAN, communication between the chat server and clients occurs with minimal latency. Messages are transmitted directly between devices, bypassing the need to traverse external networks. This results in real-time communication, fostering seamless interactions between users while minimizing external dependencies and potential bottlenecks.

An air-gapped chat system is a secure communication platform designed to operate in an isolated environment, physically disconnected from external networks and the internet. The isolation ensures an exceptionally high level of security, as the system is impervious to remote hacking or cyberattacks. Messages are exchanged exclusively within the closed network, typically via local connections or secure channels, such as dedicated servers or encrypted transmission protocols. Air-gapped chat systems are commonly employed in highly sensitive environments, such as government agencies, financial institutions, or research facilities, where data confidentiality and protection against external threats are paramount.

An air-gapped chat system always runs in a Local Area Network (LAN), which means all the network entities concerned in the communication are part of the same network. Such a chat system does not depend on any external resources.

Network entities of an Air-Gapped Chat System

In an air-gapped chat system, the network entities comprise the chat server and various chat clients, including web browser clients, Windows chat clients, and mobile chat clients running on Android or iPhone (Figure 1).

Figure 1 - LAN configuration

Chat Server

The central hub of communication, the chat server facilitates message exchange and manages user connections within the closed network. It stores and processes messages, user accounts, and other relevant data. In an air-gapped environment, the chat server operates within the LAN, ensuring that communication remains confined within the isolated network.

Chat Clients

These are the applications through which users interact with the chat server. They include:

  • Web Browser Clients: Users access the chat system through web browsers, interacting with the server via web-based interfaces. This offers flexibility and accessibility, allowing users to connect from any device with network access within the LAN.
  • Windows Chat Clients: These are dedicated applications installed on Windows-based laptops, desktops and workstations, offering a richer user experience, enhanced features and better productivity compared to web browser clients.
  • Mobile Chat Clients: These are apps designed for smartphones and tablets that connect through WiFi to the air-gapped network. The mobile clients provide on-the-go access to the chat system. The installed Ozeki Chat App running on them is optimized for smaller screens and touch input.

In an air-gapped setup, all chat clients connect to the chat server through the LAN, establishing direct communication channels within the closed network. This LAN-based connection ensures that data remains contained within the air-gapped environment, mitigating the risk of external intrusion or data leakage. By confining communication to the local network, the system maintains a high level of security, protecting sensitive information from external threats.

Add a local DNS server in your network

In an air-gapped LAN environment hosting a chat server, employing a local DNS server and a local SSL certificate authority (CA) is imperative for maintaining seamless and secure communication. Firstly, a local DNS server ensures efficient and reliable domain name resolution within the closed network. By managing the mapping between domain names and IP addresses locally, the DNS server eliminates the need to rely on external DNS services, which are inaccessible in an air-gapped environment. This local resolution capability enhances network performance and reduces latency by providing quick access to resources without depending on external infrastructure. It also ensures secure access.

Figure 2 - LAN configuration + DNS + HTTPS

Secondly, deploying a local SSL certificate authority is also essential for securing communication channels within the air-gapped LAN. SSL certificates authenticate the identity of servers and encrypt data transmitted between clients and the server, safeguarding against eavesdropping and data tampering. By establishing a local CA, the chat server can issue SSL certificates for internal services, ensuring trust and integrity within the closed network. This approach mitigates the risk of man-in-the-middle attacks and unauthorized access, bolstering the overall security posture of the chat server environment.

Moreover, maintaining control over DNS resolution and SSL certificate issuance locally enhances the resilience and autonomy of the air-gapped LAN environment. It reduces dependencies on external services and mitigates the risk of disruptions caused by internet outages or external attacks. Additionally, by managing these critical components internally, administrators can enforce stringent security policies tailored to the organization's specific requirements, further fortifying the integrity and confidentiality of communication within the closed network. Overall, integrating a local DNS server and SSL certificate authority is essential for optimizing performance, ensuring security, and bolstering resilience in an air-gapped LAN hosting a chat server.

How to set up an air-gapped chat system

Prepare Your LAN Environment: Ensure you have a dedicated physical server or a dedicated virtual private server (VPS) within your air-gapped LAN environment where you'll install Ozeki Chat Server. Assign a static IP address to this server to ensure consistent connectivity. You can use either Windows or Linux as the server OS.

Download Ozeki Chat Server: Obtain the installation package for Ozeki Chat Server from the official website (https://ozeki.chat) or a trusted source. Transfer the Installation Package: After the download, if your air-gapped environment allows external file transfers, transfer the Ozeki Chat Server installation package to the designated server using a secure method, such as a USB drive or local network transfer.

Run the Installer: On the server, extract the contents of the installation package to a directory of your choice. Navigate to the extracted directory and run the installer executable file to begin the installation process. Information about the installation steps can be found in the Ozeki Chat Server Installation guide.

Configure Private DNS: To access your air-gapped chat system using a DNS name, you must configure your private DNS settings. Specify the internal domain name and IP address mapping for the chat server within your LAN environment.

HTTPS Setup: Enable HTTPS protocol for secure communication between clients and the chat server. Follow the provided instructions to configure HTTPS settings during the installation process.

Local SSL Certificate Authority (CA) Setup: Set up a local SSL certificate authority (CA) to issue SSL certificates for internal services. Generate SSL certificates for the chat server to ensure secure communication channels within the air-gapped LAN environment.

Install Chat Clients: Install Ozeki Chat Client on the devices within your LAN that will be used to connect to the chat server. Follow the installation instructions provided with the client software. You can install Windows chat clients, Android chat clients or iPhone chat clients, or you may simply chat without any installation in a web browser.

Test your chat clients: Open the installed Ozeki Chat Client and type in the workspace name that points to your local chat server. This can be the local DNS name of your chat server. Verify that the client is able to connect to the server within the LAN by entering your username and password.

Test the connectivity of Ozeki Chat Server within your air-gapped LAN environment by launching chat clients on various other devices and ensuring they can connect to the server and exchange messages seamlessly. Conduct internal tests to verify message delivery and real-time communication functionality.
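
The private DNS, HTTPS and local CA steps above depend on one certificate chain that every client can validate offline. The script below is an added example, not part of the original page or Ozeki's own procedure: it builds a local root CA with the openssl command-line tool, issues a server certificate for the chat server's internal name, and checks the chain. The host name chat.corp.lan, the address 192.168.10.5 and all file names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: local root CA + chat server certificate for an air-gapped LAN.
# CHAT_FQDN and CHAT_IP are assumed placeholders for your private DNS record.
# -nodes leaves keys unencrypted so this runs unattended; protect ca.key offline.
set -eu
CHAT_FQDN="${CHAT_FQDN:-chat.corp.lan}"
CHAT_IP="${CHAT_IP:-192.168.10.5}"

write_config() {   # $1 = PKI working directory
  cat > "$1/pki.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_server]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:${CHAT_FQDN}, IP:${CHAT_IP}
EOF
}

make_ca() {        # ca.key never leaves the CA host; only ca.crt goes to clients
  openssl req -x509 -newkey rsa:3072 -nodes -sha256 -days 1825 \
    -config "$1/pki.cnf" -extensions v3_ca -subj "/CN=Example LAN Root CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  chmod 600 "$1/ca.key"
}

issue_server_cert() {   # key + CSR, then signed by the local CA with the SAN above
  openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$1/pki.cnf" \
    -subj "/CN=${CHAT_FQDN}" -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 397 -extfile "$1/pki.cnf" -extensions v3_server \
    -out "$1/server.crt" 2>/dev/null
  chmod 600 "$1/server.key"
}

# Succeeds only if server.crt chains to the local CA and is valid for host $2.
verify_for_host() {
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$1/server.crt" >/dev/null 2>&1
}

build_pki() { mkdir -p "$1"; write_config "$1"; make_ca "$1"; issue_server_cert "$1"; }

# Stand-alone use: ./lan-pki.sh --build [dir]
if [ "${1:-}" = "--build" ]; then d="${2:-./lan-pki}"; build_pki "$d"; verify_for_host "$d" "$CHAT_FQDN" && echo "chain OK"; fi
```

Clients must trust ca.crt, and the workspace name they type must match the DNS name in subjectAltName; otherwise certificate validation fails even though the server is reachable.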

Conclusion

In conclusion, an air-gapped chat system operating within a Local Area Network (LAN) offers a robust and secure platform for communication within closed environments. By leveraging the high-speed data transfer and manageable security inherent to LAN environments, such systems facilitate real-time interactions between users while minimizing external dependencies and potential vulnerabilities. The inherent security of an air-gapped setup, physically disconnected from external networks and the internet, ensures a significantly reduced risk of remote hacking or cyberattacks, making it an ideal choice for highly sensitive environments such as government agencies, financial institutions, or research facilities.

Furthermore, the integration of local DNS server and SSL certificate authority solutions within the air-gapped LAN environment is crucial for maintaining seamless and secure communication channels. The local DNS server enables efficient domain name resolution and eliminates reliance on external DNS services, enhancing network performance and reducing latency. Similarly, a local SSL certificate authority ensures trust and integrity within the closed network by facilitating secure communication channels and mitigating the risk of unauthorized access or data tampering. By maintaining control over these critical components internally, organizations can enforce stringent security policies tailored to their specific requirements, thereby enhancing the resilience and autonomy of the air-gapped chat system environment. Overall, the combination of an air-gapped LAN setup with local DNS and SSL solutions provides a comprehensive approach to optimizing performance, ensuring security, and bolstering resilience in sensitive communication environments.
