The best way to protect your computer from external spies: airgap it

[thewayne]

Bruce Schneier, as I've written many times before, is quite a practical expert on computer security. He's run an experiment recently where he bought a new computer from a big box store and configured it for no external connections: no internet, no WiFi, very carefully controlled transfers on and off it. And this article offers his opinions on how practical this is.

And that's the nut of the matter: it isn't really practical. We live in a connected society, the last time I worked on a computer in a work situation that wasn't networked was probably around 1985, and we started networking them not long after that. If you absolutely must have security, an air gap is the only way to go, but then you have to worry about the physical security of such a system and other spying techniques such as recording your keystrokes from your smart phone sitting on the same desk or an electronic technique whose name I can't remember that can read your monitor remotely.

Schneier also points out that the Iranian nuclear program that was compromised by Stuxnet was airgapped, as was the American military computers that were compromised by a worm that was believed to be Chinese in origin.

http://www.wired.com/opinion/2013/10/149481/

Comments

[silveradept]

That must also require seriously paranoid operators as well - anyone else in the area could end up compromising your computer just by thinking it's the same as any other machine.