Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: Tips to build an OpenBSD Thinkpad for airgap use?
7 points by niels_olson on Jan 8, 2015 | hide | past | favorite | 4 comments
I'm interested in setting up an airgap machine. My gut says I should run OpenBSD on a ThinkPad and just figure out all the dependencies. Tails sounds good too, though that's a slightly different problem. I want a permanent system. I just don't want it on the network much and I do want it to handle protocols well. Seems like OpenBSD is the way to go in that regard. But then, I'm definitely not an expert.

There are any number of gotchas to managing an airgap machine though, and there are any number of problems with installing a new OS on a laptop. Wanted to solicit for opinions while I wait for my copy of Absolute OpenBSD to arrive.



INSUFFICIENT DATA FOR MEANINGFUL ANSWER [1]

Why?

What does the OS or network config matter if it's "airgapped"?

What do you consider an "airgapped machine"?

1. http://www.multivax.com/last_question.html


> What does the OS or network config matter if it's "airgapped"?

Fundamentally, you're still moving data on and off the machine. The software implementing the communications protocols can still be vulnerable. So the procedures for maintaining the airgap matter. Schneier has some good pointers on this.

> What do you consider an "airgapped machine"?

A machine that, once set up, never sees a network. At the limit, set up one machine, scan that disk image for viruses, then install it on a second identical machine.


Yes but why? What are your goals? What conclusion are you trying to arrive at? Is TEMPEST a concern? Is hardware that may break your airgap (bluetooth, any weird IPMI stuff, etc) a concern?

A meaningful answer cannot be given if we don't know your goals, here.


Mostly academic curiosity, but being in the government, there's always an non-theoretical risk someone will decide to come after you.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: