So I have a situation where I would like to keep data secure. In my mind if I’m working on a computer that has no network connection, this is the safest.

However, I may from time to time need to transfer data to this machine, which introduces a vulnerability. Any thoughts on how I could minimize the risk in this case?

  • TheOneCurly
    5 months ago

    Are you concerned about sensitive data leaving the PC or some sort of infection (like a crypto-locker) being brought onto it? Also, what is your threat level? Are you likely to be targeted specifically?

    With an airgap, it would be pretty difficult to get data off of it without being onsite. The most important things would be physically securing the device (locked room), using full disk encryption, and using some sort of 2-factor login system (hardware security key, like a YubiKey ideally).

    Securing against infection is nearly impossible, as Stuxnet showed. Your best bet to beat these is some common sense security with what you’re transferring and lots of backups. If you do find an infection, you just blow the whole system up and restore from a clean backup.

    • @rando895@lemmygrad.mlOP
      15 months ago

      Thanks for this reply, definitely giving me things to think about that I never would have thought to ask.

      I would be concerned with both sensitive data leaving, and an infection being brought onto it during a file transfer.

      Again, I appreciate you, and this all makes a lot of sense.

  • The Bard in GreenA
    5 months ago

    You don’t say anything about the operating system you’re using.

    I like Qubes for this use case. You have one Qube that handles your USB devices and then you can move data in and out of that Qube whatever way feels safest. If we’re talking documents, spreadsheets and / or text files, cutting and pasting the text is a pretty safe option. If we’re talking image or video files, you could re-encode them with imagemagick or ffmpeg before copying them between Qubes. PDFs are a bit of a tougher nut to crack. And software is… well… software.

    But Qubes is a very troubleshoot-it-yourself OS.
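
The re-encode step suggested in the comment above, as an added example that is not part of the thread or any commenter's own code: files are typed by magic bytes rather than extension, images and video are re-encoded into a staging directory, and anything else (PDFs, software) is refused. The function names and the staging-directory argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Run it inside the qube that holds the
# untrusted file: the decoders parse hostile input there, and only the freshly
# written output in the staging directory is copied onward.

# Identify the type from leading magic bytes; the file extension is ignored.
sniff_type() {
  magic=$(od -An -tx1 -N12 < "$1" | tr -d ' \n')
  case "$magic" in
    89504e470d0a1a0a*) echo png ;;
    ffd8ff*)           echo jpeg ;;
    ????????66747970*) echo mp4 ;;   # "ftyp" box at offset 4
    *)                 echo unknown ;;
  esac
}

# Re-encode one file into out_dir (hypothetical staging directory).
# Returns 1 without writing anything when no re-encode path exists.
reencode() {
  src="$1"; out_dir="$2"
  name=$(basename "$src"); name=${name%.*}
  kind=$(sniff_type "$src")
  case "$kind" in
    png|jpeg)
      # An explicit "format:" prefix pins the ImageMagick coder on both sides,
      # so the file name cannot select a different one. -strip drops metadata.
      if command -v magick >/dev/null 2>&1; then im=magick; else im=convert; fi
      "$im" "$kind:$src" -strip "png:$out_dir/$name.png" ;;
    mp4)
      # No "-c copy": streams are decoded and encoded again; metadata dropped.
      ffmpeg -nostdin -loglevel error -i "$src" -map_metadata -1 \
        "$out_dir/$name.mp4" ;;
    *)
      echo "refusing $src: no re-encode path for this type" >&2
      return 1 ;;
  esac
}

# Usage: sh reencode.sh <untrusted-file> <staging-dir>
if [ "$#" -eq 2 ]; then reencode "$1" "$2"; fi
```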