Re: How 2 secure PC-PC data transfer
- From: Joseph M. Newcomer <newcomer@xxxxxxxxxxxx>
- Date: Thu, 01 Oct 2009 23:37:02 -0400
See below...
On Thu, 1 Oct 2009 15:23:44 -0700 (PDT), Paul <energymover@xxxxxxxxx> wrote:
Hi,****
Let's face it, IMO there's a good chance any online PC will be silently
hacked one day, and you'll probably never know it. How can I prevent
hackers from ripping off my years of Windows app source code? My
present solution is to use 2 PCs. One offline (contains my code), one
online (for searching and stuff).
I use a similar technique; I have one machine that is online and has a LOT of limitations
(the logged-in user 'email' can only access a VERY limited set of resources). The other
machines are connected to it. All machines live behind a SonicWall firewall (a nice
machine; it just sits there and runs for years, requiring no attention). I also disable
ANY ActiveVirus (also called ActiveX) control, and all forms of client-side scripting. Any
executable attachment to an email is removed by my ISP. I never double-click an email
attachment.
The assumption that you are going to open your machine to attack is one of the worst ideas
that Web designers ever tried to shove down our throats.
****
****
So I code on the PC that is offline, completely disconnected from the
world, but that's such a pain! Anytime I need to search online to do
something or get some example code, I have to go to my online PC,
search the Internet for sample code, copy files to USB drive, go to my
other PC, put in USB drive, and copy files.
I need a better way! I'm told that connecting an Ethernet cable between
PCs is not that secure. How about a parallel cable? Both of my PCs
have parallel slots, and I have the cable. Is it as simple as plugging
the cable from PC to PC, and writing some simple low level data
transfer code, or does it require hardware?
I have no idea what you mean by "not that secure". Security is not a function of an
Ethernet cable. Security is a frame of mind, and it starts with firewalls, antivirus
tools, securing your machine against obvious attack vectors, etc. It means making sure
you don't do stupid things, like allow client-side scripting from unknown sites.
****
****
I would have a small app, that I wrote, on both machines, each
listening. On my online PC I would copy text in app textarea box,
click send, and offline PC gets it and places text in a file. All low
level stuff. I could even use a parallel port switch to disconnect
when not in use. Maybe it's a good idea, but I don't know if simply
connecting a parallel port cable from PC to PC will work.
The "small app" on your online machine is called an "FTP Server" and the small app on your
client machine is called an "FTP client". Open source (free) versions of these utilities
are downloadable from a variety of sites.
If you have a front-end software that blocks all incoming FTP requests from the WAN (look
at products like Black Ice), it is safe from random people, and you don't need to write
anything special, because it has already been written.
You are trying to create a complex solution to what is actually a non-problem. Use the
simple solutions. That's what I did, and therefore security is no longer a problem I deal
with, because the site is intrinsically secure.
Your approach has been used for years by all kinds of sites; a potentially vulnerable
machine lives outside the "security zone" but it doesn't matter if it is attacked; secure
data lives behind a set of security barriers that do not supply any attack vector.
My firewall blocks ALL incoming requests. Every port. There is *nothing* that I supply
as a service that I want visible to anyone outside my corporate walls. My Web site is
managed by my ISP, and I therefore have no reason to allow ANY incoming TCP or UDP
connection, so I block them all. I also block all outgoing requests except to port 80
(HTTP), FTP, SMTP, and NTP (Network Time Protocol). So even if something gets into my
machine, it can't send anything out. Since your secure machine has no FTP server, your
online machine can't retrieve anything from it. If your firewalls reject all WAN
connections and allow only LAN connections, you can't have anyone get to it from outside.
So you can create security without redefining the problem so that the only solution is
hand-rolled code. The reason I call it a non-problem is that there are commercial,
shareware, and freeware solutions out there already that solve the security problem
without creating new problems to solve.
joe
****
Joseph M. Newcomer [MVP]
Thanks for any help,
Paul
email: newcomer@xxxxxxxxxxxx
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm
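
The firewall policy described in the reply above (every inbound WAN connection blocked, outbound limited to HTTP, FTP, SMTP and NTP, LAN-to-LAN transfers allowed), modelled as an added example that is not part of the original post. The LAN range, the sample addresses, the port numbers and names such as `decide` are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed LAN range (constructed for this example).
LAN = ipaddress.ip_network("192.168.1.0/24")

# Outbound allow-list from the post: HTTP, FTP, SMTP, NTP.
# Assumption: standard well-known ports; FTP is modelled by its control port only.
EGRESS_ALLOW = {("tcp", 80), ("tcp", 21), ("tcp", 25), ("udp", 123)}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def is_lan(addr):
    return ipaddress.ip_address(addr) in LAN


def decide(flow):
    """Return (verdict, reason) for a new connection attempt."""
    src_lan, dst_lan = is_lan(flow.src), is_lan(flow.dst)
    if src_lan and dst_lan:
        # Host-to-host transfer inside the LAN (e.g. FTP between the two PCs).
        return "allow", "LAN to LAN"
    if dst_lan:
        return "deny", "inbound from WAN"
    if src_lan:
        # The rule sees only protocol and port, not what is carried over them.
        if (flow.proto, flow.dport) in EGRESS_ALLOW:
            return "allow", "egress allow-list"
        return "deny", "egress port not on allow-list"
    return "deny", "neither endpoint is on the LAN"


# Constructed sample connection attempts.
SAMPLE_FLOWS = [
    Flow("192.168.1.10", "192.168.1.20", "tcp", 21),   # offline PC -> online PC FTP
    Flow("203.0.113.9", "192.168.1.20", "tcp", 21),    # WAN host -> FTP server
    Flow("192.168.1.20", "198.51.100.7", "tcp", 80),   # web browsing
    Flow("192.168.1.20", "198.51.100.7", "tcp", 6667), # unlisted outbound port
]


def evaluate(flows):
    return [decide(f)[0] for f in flows]
```

The allow-list narrows outbound traffic to four services; it does not inspect what travels to an allowed port, so logging allowed egress is still worth doing.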