Possibly very dumb question: If one computer is connected to the
internet, hence potentially subject to malware attack, and another
is isolated from the internet, what is the best and secure way
of transferring data between them, without any fear of infection
of the second computer? Thanks.
On 2011-11-22, Mok-Kong Shen <mok-kong.shen@t-online.de> wrote:
> Possibly very dumb question: If one computer is connected to the
> internet, hence potentially subject to malware attack, and another
> is isolated from the internet, what is the best and secure way
> of transferring data between them, without any fear of infection
> of the second computer? Thanks.
Depends on what you transfer, and what the computers are.
Under linux, you can use rsync to securely transfer files. But only
transfer files that you know what they are.
If the first computer has malware on it, then it could transfer whatever
it wanted, so you should not trust the transfered files (Ie do not
transfer and executables, only data for programs that you know cannot be
subverted by bad data.)
>
> M. K. Shen
Am 22.11.2011 22:29, schrieb unruh:
> On 2011-11-22, Mok-Kong Shen<mok-kong.shen@t-online.de> wrote:
>> Possibly very dumb question: If one computer is connected to the
>> internet, hence potentially subject to malware attack, and another
>> is isolated from the internet, what is the best and secure way
>> of transferring data between them, without any fear of infection
>> of the second computer? Thanks.
>
> Depends on what you transfer, and what the computers are.
> Under linux, you can use rsync to securely transfer files. But only
> transfer files that you know what they are.
>
> If the first computer has malware on it, then it could transfer whatever
> it wanted, so you should not trust the transfered files (Ie do not
> transfer and executables, only data for programs that you know cannot be
> subverted by bad data.)
I am sorry to say that I yet see difficulties: How do I know that the
data is such that it cannot be subverted by bad data. (The argumentation
seems like that of the hen and egg problem.)
On 2011-11-23, Mok-Kong Shen <mok-kong.shen@t-online.de> wrote:
> Am 22.11.2011 22:29, schrieb unruh:
>> On 2011-11-22, Mok-Kong Shen<mok-kong.shen@t-online.de> wrote:
>>> Possibly very dumb question: If one computer is connected to the
>>> internet, hence potentially subject to malware attack, and another
>>> is isolated from the internet, what is the best and secure way
>>> of transferring data between them, without any fear of infection
>>> of the second computer? Thanks.
>>
>> Depends on what you transfer, and what the computers are.
>> Under linux, you can use rsync to securely transfer files. But only
>> transfer files that you know what they are.
>>
>> If the first computer has malware on it, then it could transfer whatever
>> it wanted, so you should not trust the transfered files (Ie do not
>> transfer and executables, only data for programs that you know cannot be
>> subverted by bad data.)
>
> I am sorry to say that I yet see difficulties: How do I know that the
> data is such that it cannot be subverted by bad data. (The argumentation
> seems like that of the hen and egg problem.)
It depends on the programs. For example, if all the program does is
print out the text (data) it is really hard for bad data to subvert the
printing program. Ie, while the data you print out may be wrong, the
printing program will not open a hole in your system allowing someone to
take over your machine. If the data is a javascript program then using
that data may well subvert your machine.
> It depends on the programs. For example, if all the program does is
> print out the text (data) it is really hard for bad data to subvert the
> printing program. Ie, while the data you print out may be wrong, the
> printing program will not open a hole in your system allowing someone to
> take over your machine. If the data is a javascript program then using
> that data may well subvert your machine.
Thanks. I have an additional question: If I use an USB stick to transfer
that harmless text file, would that be problematical, because the
malware on the first computer could on that occasion have a chance to
infect the second computer, or is that not possible? (If yes, what
security measure could be taken?)
> Am 23.11.2011 23:47, schrieb unruh:
>
> > It depends on the programs. For example, if all the program does is
> > print out the text (data) it is really hard for bad data to subvert the
> > printing program. Ie, while the data you print out may be wrong, the
> > printing program will not open a hole in your system allowing someone to
> > take over your machine. If the data is a javascript program then using
> > that data may well subvert your machine.
>
> Thanks. I have an additional question: If I use an USB stick to transfer
> that harmless text file, would that be problematical, because the
> malware on the first computer could on that occasion have a chance to
> infect the second computer, or is that not possible? (If yes, what
> security measure could be taken?)
>
> M. K. Shen
The simple answer is that if you connect (network, USB stick, floppy
disk etc.) any computer to another, possibly infected, computer there
is a risk of the (sterile) computer becoming infected. That risk
might be very small depending on the tools/medium used, but there is
no 100% guarantee other than keeping the sterile computer "sterile".
Pete
--
"We have not inherited the earth from our ancestors,
we have borrowed it from our descendants."
On 2011-11-24, Mok-Kong Shen <mok-kong.shen@t-online.de> wrote:
> Am 23.11.2011 23:47, schrieb unruh:
>
>> It depends on the programs. For example, if all the program does is
>> print out the text (data) it is really hard for bad data to subvert the
>> printing program. Ie, while the data you print out may be wrong, the
>> printing program will not open a hole in your system allowing someone to
>> take over your machine. If the data is a javascript program then using
>> that data may well subvert your machine.
>
> Thanks. I have an additional question: If I use an USB stick to transfer
> that harmless text file, would that be problematical, because the
> malware on the first computer could on that occasion have a chance to
> infect the second computer, or is that not possible? (If yes, what
> security measure could be taken?)
You still have not told us which operating system. If your second system
has a habit of running code on a device that is plugged in, then it is
dangerous.
>
> M. K. Shen
> You still have not told us which operating system. If your second system
> has a habit of running code on a device that is plugged in, then it is
> dangerous.
I use Windows 7. Would Linux be better in that respect?
On 25 nov 2011, 13:21, Mok-Kong Shen <mok-kong.s...@t-online.de>
wrote:
> Am 24.11.2011 23:06, schrieb unruh:
>
> > You still have not told us which operating system. If your second system
> > has a habit of running code on a device that is plugged in, then it is
> > dangerous.
>
> I use Windows 7. Would Linux be better in that respect?
>
> M. K. Shen
Windows machines use to autoexecute files in removable devices. This
behaviour can be overriden using security policies and different
windows OS have different default behaviour.
I would mount it on linux and edit the /etc/fstab to add a noexec
parameter in the removable device so no accidents could happen.
Q: Secure transfer of data between computers 
Linear Mode
