this post was submitted on 30 May 2024
1 points (100.0% liked)

Security

4945 readers
1 users here now

Confidentiality Integrity Availability

founded 4 years ago
MODERATORS
[email protected]
1
Securing a computer? (lemmygrad.ml)
submitted 3 months ago by [email protected] to c/[email protected]
1 comments fedilink hide all child comments
 

So I have a situation where I would like to keep data secure. In my mind if I'm working on a computer that has no network connection, this is the safest.

However, I may from time to time need to transfer data to this machine, which introduces a vulnerability. Any thoughts on how I could minimize the risk in this case?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 0 points 3 months ago* (last edited 3 months ago)

Are you concerned about sensitive data leaving the PC or some sort of infection (like a crypto-locker) being brought onto it? Also, what is your threat level? Are you likely to be targeted specifically?

With an airgap, it would be pretty difficult to get data off of it without being onsite. The most important things would be physically securing the device (locked room), using full disk encryption, and using some sort of 2-factor login system. (hardware security key, like a yubikey ideally).

Securing against infection is nearly impossible, as stuxnet showed. Your best bet to beat these is some common sense security with what you're transferring and lots of backups. If you do find an infection, you just blow the whole system up and restore from a clean backup.