this post was submitted on 30 May 2024

So I have a situation where I would like to keep data secure. In my mind if I'm working on a computer that has no network connection, this is the safest.

However, I may from time to time need to transfer data to this machine, which introduces a vulnerability. Any thoughts on how I could minimize the risk in this case?

[–] TheOneCurly@lemm.ee 1 points 5 months ago* (last edited 5 months ago) (1 children)

Are you concerned about sensitive data leaving the PC or some sort of infection (like a crypto-locker) being brought onto it? Also, what is your threat level? Are you likely to be targeted specifically?

With an airgap, it would be pretty difficult to get data off of it without being onsite. The most important things would be physically securing the device (locked room), using full disk encryption, and using some sort of 2-factor login system (hardware security key, like a YubiKey ideally).

Securing against infection is nearly impossible, as Stuxnet showed. Your best bet to beat these is some common sense security with what you're transferring and lots of backups. If you do find an infection, you just blow the whole system up and restore from a clean backup.

[–] rando895@lemmygrad.ml 1 points 5 months ago

Thanks for this reply, definitely giving me things to think about that I never would have thought to ask.

I would be concerned with both sensitive data leaving, and an infection being brought onto it during a file transfer.

Again, I appreciate you, and this all makes a lot of sense.

[–] thebardingreen@lemmy.starlightkel.xyz 1 points 5 months ago* (last edited 5 months ago)

You don't say anything about the operating system you're using.

I like Qubes for this use case. You have one Qube that handles your USB devices and then you can move data in and out of that Qube whatever way feels safest. If we're talking documents, spreadsheets and / or text files, cutting and pasting the text is a pretty safe option. If we're talking image or video files, you could re-encode them with ImageMagick or ffmpeg before copying them between Qubes. PDFs are a bit of a tougher nut to crack. And software is... well... software.

But Qubes is a very troubleshoot-it-yourself OS.
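
The re-encoding step suggested in the comment above, sketched as a shell script. This is an added example, not part of the thread: the function names and the INBOX/OUTBOX directories are hypothetical, and it assumes ImageMagick and an ffmpeg build with libx264 are installed in the qube that handles the USB device.

```shell
#!/bin/sh
# Added example (hypothetical function names and paths). Run it in the
# untrusted USB qube: the decoders parse hostile input, so only the freshly
# encoded output should move on to the offline side.

# Identify a file by its leading magic bytes; name and extension are ignored.
classify() {
    magic=$(head -c 12 -- "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        89504e470d0a1a0a*) echo png ;;
        ffd8ff*)           echo jpeg ;;
        ????????66747970*) echo mp4 ;;    # "ftyp" box at byte offset 4
        1a45dfa3*)         echo mkv ;;    # EBML header (Matroska/WebM)
        *)                 echo reject ;;
    esac
}

# sanitize SRC OUTDIR: decode SRC and write a newly encoded copy into OUTDIR.
sanitize() {
    src=$1
    out=$2
    name=$(basename -- "$src")
    name=${name%.*}
    kind=$(classify "$src")
    case "$kind" in
        png|jpeg)
            im=$(command -v magick || command -v convert) || return 2
            # "kind:" pins the decoder; -strip drops metadata and profiles.
            "$im" "$kind:$src" -strip "png:$out/$name.png" ;;
        mp4|mkv)
            # "file:" stops ffmpeg from treating the name as a protocol URL.
            ffmpeg -nostdin -loglevel error -i "file:$src" -map_metadata -1 \
                -c:v libx264 -c:a aac "file:$out/$name.mp4" ;;
        *)
            echo "rejected (unrecognised content): $src" >&2
            return 1 ;;
    esac
}

# Usage: sh reencode.sh INBOX OUTBOX
if [ "$#" -eq 2 ]; then
    for f in "$1"/*; do
        [ -f "$f" ] && sanitize "$f" "$2"
    done
fi
```

Anything whose content does not match an expected media type is refused rather than passed through, whatever its extension claims.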