this post was submitted on 30 May 2024
2 points (100.0% liked)

Security

4828 readers
3 users here now

Confidentiality Integrity Availability

founded 4 years ago
MODERATORS
gary_host_laptop@lemmy.ml
2
Securing a computer? (lemmygrad.ml)
submitted 1 month ago by rando895@lemmygrad.ml to c/security@lemmy.ml
3 comments fedilink hide all child comments
 

So I have a situation where I would like to keep data secure. In my mind if I'm working on a computer that has no network connection, this is the safest.

However, I may from time to time need to transfer data to this machine, which introduces a vulnerability. Any thoughts on how I could minimize the risk in this case?

you are viewing a single comment's thread
view the rest of the comments
[โ€“] TheOneCurly@lemm.ee 1 points 1 month ago* (last edited 1 month ago) (1 children)

Are you concerned about sensitive data leaving the PC or some sort of infection (like a crypto-locker) being brought onto it? Also, what is your threat level? Are you likely to be targeted specifically?

With an airgap, it would be pretty difficult to get data off of it without being onsite. The most important things would be physically securing the device (locked room), using full disk encryption, and using some sort of 2-factor login system. (hardware security key, like a yubikey ideally).

Securing against infection is nearly impossible, as stuxnet showed. Your best bet to beat these is some common sense security with what you're transferring and lots of backups. If you do find an infection, you just blow the whole system up and restore from a clean backup.

[โ€“] rando895@lemmygrad.ml 1 points 1 month ago

Thanks for this reply, definitely giving me things to think about that I never would have thought to ask.

I would be concerned with both sensitive data leaving, and an infection being brought onto it during a file transfer.

Again, I appreciate you, and this all makes a lot of sense.