What options are available for transferring data between unix machines separated
Question
What options are available for transferring data between unix machines separated by an air gap?
- USB flash drives
- Optical media, e.g. CDs and DVDs
- Printed paper and Scanning+OCR
- QR Code software, displays or printers, and cameras
- Pen, paper and typing!
- Smartcards / ISO 7816
- Contactless / NFC / ISO 14443
Each of these has pros and cons, and I'm having a hard time identifying the smartest way to move things like certificates, private and public keys and other relatively short data to and from an offline machine.
Explanation / Answer
There is no "golden rule" on how to move the data. The options you have listed give you a tradeoff between security and convenience. You should think of threat models and analyze your security needs.
When there is data on the machine that I want to protect, I would use convenient means (like CDs or throw-away USB sticks) to get data onto the machine, knowing that malware could have been transported onto the machine, and very secure means (like QR code software or paper and typing) to get them back. Of course, if the data were really important, I'd ensure a good air gap to defend against badBIOS-like (ultrasound) communication methods, or use very secure means for the other direction, to prevent malware from getting onto the isolated machine.
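For the "paper and typing" route mentioned in the answer, one way to make a short key retypeable with typos caught line by line, as an added example that is not part of the original question or answer. The line format, the function names and the check lengths are assumptions chosen for illustration.

```python
import base64
import hashlib

BYTES_PER_LINE = 10  # 10 bytes encode to exactly 16 base32 characters (A-Z, 2-7)


def _check(index, chunk):
    """Two check characters that bind a chunk to its line number."""
    digest = hashlib.sha256(index.to_bytes(2, "big") + chunk).digest()
    return base64.b32encode(digest).decode()[:2]


def encode_for_paper(data):
    """Return lines 'NN XXXX XXXX XXXX XXXX CC' plus a whole-payload digest line."""
    lines = []
    for index, start in enumerate(range(0, len(data), BYTES_PER_LINE)):
        chunk = data[start:start + BYTES_PER_LINE]
        text = base64.b32encode(chunk).decode().rstrip("=")
        groups = " ".join(text[i:i + 4] for i in range(0, len(text), 4))
        lines.append(f"{index:02d} {groups} {_check(index, chunk)}")
    lines.append("SHA256 " + hashlib.sha256(data).hexdigest()[:16].upper())
    return lines


def decode_from_paper(lines):
    """Return (data, bad_lines); data is None unless every check passes."""
    *body, trailer = [ln.strip().upper() for ln in lines if ln.strip()]
    out, bad = bytearray(), []
    for n, line in enumerate(body):
        fields = line.split()
        try:
            text = "".join(fields[1:-1])
            chunk = base64.b32decode(text + "=" * (-len(text) % 8))
            ok = int(fields[0]) == n and fields[-1] == _check(n, chunk)
        except ValueError:  # bad digit, wrong length, or non-numeric line number
            ok = False
        if ok:
            out += chunk
        else:
            bad.append(n)  # retype only these lines
    whole = trailer == "SHA256 " + hashlib.sha256(out).hexdigest()[:16].upper()
    return (bytes(out) if whole and not bad else None), bad


if __name__ == "__main__":
    secret = bytes(range(32))  # constructed stand-in for a short key
    printed = encode_for_paper(secret)
    print("\n".join(printed))
    typed = printed[:]
    typed[2] = typed[2][:3] + "0" + typed[2][4:]  # constructed typo: zero for a letter
    print(decode_from_paper(typed))
```

The per-line check and the truncated digest catch transcription mistakes only; they are not a defence against someone deliberately altering the printed page.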