(Air Gapped) Data Storage and security
-
@stacksofplates said in (Air Gapped) Data Storage and security:
@Dashrender said in (Air Gapped) Data Storage and security:
@stacksofplates said in (Air Gapped) Data Storage and security:
What's the actual request/requirement? We were airgapped but it was from the outside world. We still had an internal network (actually multiple that were airgapped from each other). But you had to be in the building and at the correct systems to access the data.
This was my thinking.
Users will need two computers, one for the air-gapped network and one for the internet network.
The real problem here is that I assume you’re making the CAD drawings for clients... so how do those in power propose getting the fl data from an airgapped system to the client?
We had what they call a media center. You requested a file or files in the media center and it was exported for you and tracked. Then it was copied to an encrypted media and you could send it out of the building.
I'm not sure how this helps? What could you plug that encrypted media into for viewing/editing? If that was a totally controlled machine - what prevents it from being copied and redistributed? Of course you'd know who was responsible for that data at that time, so you could blame someone, but the data is still out there.
-
@stacksofplates said in (Air Gapped) Data Storage and security:
@Dashrender said in (Air Gapped) Data Storage and security:
Also, as JB said, screenshots/cellphone pictures are still a real risk... Will people be checking their phones at the door?
We did. We had company phones and weren't allowed private phones in the building. They disabled the camera and other functions on the phone.
I had a client ask me about locking down things, not quite as bad as the OP, but bad enough. I asked them - you going to keep cellphones out? Are you going to prevent access to the internet? Are you going to prevent access to email, etc, etc, etc? If not, you're going way overboard on protecting this data.
They agreed that they were going overboard and backed down.
-
@Dashrender said in (Air Gapped) Data Storage and security:
@stacksofplates said in (Air Gapped) Data Storage and security:
@Dashrender said in (Air Gapped) Data Storage and security:
@stacksofplates said in (Air Gapped) Data Storage and security:
What's the actual request/requirement? We were airgapped but it was from the outside world. We still had an internal network (actually multiple that were airgapped from each other). But you had to be in the building and at the correct systems to access the data.
This was my thinking.
Users will need two computers, one for the air-gapped network and one for the internet network.
The real problem here is that I assume you’re making the CAD drawings for clients... so how do those in power propose getting the fl data from an airgapped system to the client?
We had what they call a media center. You requested a file or files in the media center and it was exported for you and tracked. Then it was copied to an encrypted media and you could send it out of the building.
I'm not sure how this helps? What could you plug that encrypted media into for viewing/editing? If that was a totally controlled machine - what prevents it from being copied and redistributed? Of course you'd know who was responsible for that data at that time, so you could blame someone, but the data is still out there.
You couldn't plug it in to your computer. It was given to you from the media center. Then you could send it to clients, who had the credentials to decrypt it.
-
@stacksofplates said in (Air Gapped) Data Storage and security:
@Dashrender said in (Air Gapped) Data Storage and security:
@stacksofplates said in (Air Gapped) Data Storage and security:
@Dashrender said in (Air Gapped) Data Storage and security:
@stacksofplates said in (Air Gapped) Data Storage and security:
What's the actual request/requirement? We were airgapped but it was from the outside world. We still had an internal network (actually multiple that were airgapped from each other). But you had to be in the building and at the correct systems to access the data.
This was my thinking.
Users will need two computers, one for the air-gapped network and one for the internet network.
The real problem here is that I assume you’re making the CAD drawings for clients... so how do those in power propose getting the fl data from an airgapped system to the client?
We had what they call a media center. You requested a file or files in the media center and it was exported for you and tracked. Then it was copied to an encrypted media and you could send it out of the building.
I'm not sure how this helps? What could you plug that encrypted media into for viewing/editing? If that was a totally controlled machine - what prevents it from being copied and redistributed? Of course you'd know who was responsible for that data at that time, so you could blame someone, but the data is still out there.
You couldn't plug it in to your computer. It was given to you from the media center. Then you could send it to clients, who had the credentials to decrypt it.
All of the systems had USB storage disabled. The only way to get things on and off of the network was through the media center.
-
@stacksofplates said in (Air Gapped) Data Storage and security:
@Dashrender said in (Air Gapped) Data Storage and security:
@stacksofplates said in (Air Gapped) Data Storage and security:
@Dashrender said in (Air Gapped) Data Storage and security:
@stacksofplates said in (Air Gapped) Data Storage and security:
What's the actual request/requirement? We were airgapped but it was from the outside world. We still had an internal network (actually multiple that were airgapped from each other). But you had to be in the building and at the correct systems to access the data.
This was my thinking.
Users will need two computers, one for the air-gapped network and one for the internet network.
The real problem here is that I assume you’re making the CAD drawings for clients... so how do those in power propose getting the fl data from an airgapped system to the client?
We had what they call a media center. You requested a file or files in the media center and it was exported for you and tracked. Then it was copied to an encrypted media and you could send it out of the building.
I'm not sure how this helps? What could you plug that encrypted media into for viewing/editing? If that was a totally controlled machine - what prevents it from being copied and redistributed? Of course you'd know who was responsible for that data at that time, so you could blame someone, but the data is still out there.
You couldn't plug it in to your computer. It was given to you from the media center. Then you could send it to clients, who had the credentials to decrypt it.
My point is that whoever decrypts it can distribute it any way they like, unless you manage the computers they are decrypting on as well. But perhaps it's OK once you reach this stage, you don't care after the secure delivery has taken place, the onus is now on them?
-
@Dashrender said in (Air Gapped) Data Storage and security:
@stacksofplates said in (Air Gapped) Data Storage and security:
@Dashrender said in (Air Gapped) Data Storage and security:
@stacksofplates said in (Air Gapped) Data Storage and security:
@Dashrender said in (Air Gapped) Data Storage and security:
@stacksofplates said in (Air Gapped) Data Storage and security:
What's the actual request/requirement? We were airgapped but it was from the outside world. We still had an internal network (actually multiple that were airgapped from each other). But you had to be in the building and at the correct systems to access the data.
This was my thinking.
Users will need two computers, one for the air-gapped network and one for the internet network.
The real problem here is that I assume you’re making the CAD drawings for clients... so how do those in power propose getting the fl data from an airgapped system to the client?
We had what they call a media center. You requested a file or files in the media center and it was exported for you and tracked. Then it was copied to an encrypted media and you could send it out of the building.
I'm not sure how this helps? What could you plug that encrypted media into for viewing/editing? If that was a totally controlled machine - what prevents it from being copied and redistributed? Of course you'd know who was responsible for that data at that time, so you could blame someone, but the data is still out there.
You couldn't plug it in to your computer. It was given to you from the media center. Then you could send it to clients, who had the credentials to decrypt it.
My point is that whoever decrypts it can distribute it any way they like, unless you manage the computers they are decrypting on as well. But perhaps it's OK once you reach this stage, you don't care after the secure delivery has taken place, the onus is now on them?
Yeah. I mean it's been sanitized (if needed) from the media center. After that, it's out of our hands. A lot of it was data that was required by the gov't to be treated that way. You can only control what you can control.
-
@stacksofplates said in (Air Gapped) Data Storage and security:
@Dashrender said in (Air Gapped) Data Storage and security:
@stacksofplates said in (Air Gapped) Data Storage and security:
@Dashrender said in (Air Gapped) Data Storage and security:
@stacksofplates said in (Air Gapped) Data Storage and security:
@Dashrender said in (Air Gapped) Data Storage and security:
@stacksofplates said in (Air Gapped) Data Storage and security:
What's the actual request/requirement? We were airgapped but it was from the outside world. We still had an internal network (actually multiple that were airgapped from each other). But you had to be in the building and at the correct systems to access the data.
This was my thinking.
Users will need two computers, one for the air-gapped network and one for the internet network.
The real problem here is that I assume you’re making the CAD drawings for clients... so how do those in power propose getting the fl data from an airgapped system to the client?
We had what they call a media center. You requested a file or files in the media center and it was exported for you and tracked. Then it was copied to an encrypted media and you could send it out of the building.
I'm not sure how this helps? What could you plug that encrypted media into for viewing/editing? If that was a totally controlled machine - what prevents it from being copied and redistributed? Of course you'd know who was responsible for that data at that time, so you could blame someone, but the data is still out there.
You couldn't plug it in to your computer. It was given to you from the media center. Then you could send it to clients, who had the credentials to decrypt it.
My point is that whoever decrypts it can distribute it any way they like, unless you manage the computers they are decrypting on as well. But perhaps it's OK once you reach this stage, you don't care after the secure delivery has taken place, the onus is now on them?
Yeah. I mean it's been sanitized (if needed) from the media center. After that, it's out of our hands. A lot of it was data that was required by the gov't to be treated that way. You can only control what you can control.
LOL - I actually changed my mindset halfway through writing that last post realizing this is likely no different than HIPAA data. You keep it secure on your side and during transit to those authorized on the outside, but once you give it to them, you can no longer control it.
-
@Dashrender said in (Air Gapped) Data Storage and security:
@stacksofplates said in (Air Gapped) Data Storage and security:
@Dashrender said in (Air Gapped) Data Storage and security:
@stacksofplates said in (Air Gapped) Data Storage and security:
@Dashrender said in (Air Gapped) Data Storage and security:
@stacksofplates said in (Air Gapped) Data Storage and security:
@Dashrender said in (Air Gapped) Data Storage and security:
@stacksofplates said in (Air Gapped) Data Storage and security:
What's the actual request/requirement? We were airgapped but it was from the outside world. We still had an internal network (actually multiple that were airgapped from each other). But you had to be in the building and at the correct systems to access the data.
This was my thinking.
Users will need two computers, one for the air-gapped network and one for the internet network.
The real problem here is that I assume you’re making the CAD drawings for clients... so how do those in power propose getting the fl data from an airgapped system to the client?
We had what they call a media center. You requested a file or files in the media center and it was exported for you and tracked. Then it was copied to an encrypted media and you could send it out of the building.
I'm not sure how this helps? What could you plug that encrypted media into for viewing/editing? If that was a totally controlled machine - what prevents it from being copied and redistributed? Of course you'd know who was responsible for that data at that time, so you could blame someone, but the data is still out there.
You couldn't plug it in to your computer. It was given to you from the media center. Then you could send it to clients, who had the credentials to decrypt it.
My point is that whoever decrypts it can distribute it any way they like, unless you manage the computers they are decrypting on as well. But perhaps it's OK once you reach this stage, you don't care after the secure delivery has taken place, the onus is now on them?
Yeah. I mean it's been sanitized (if needed) from the media center. After that, it's out of our hands. A lot of it was data that was required by the gov't to be treated that way. You can only control what you can control.
LOL - I actually changed my mindset halfway through writing that last post realizing this is likely no different than HIPAA data. You keep it secure on your side and during transit to those authorized on the outside, but once you give it to them, you can no longer control it.
Well I mean usually if you're needing that data you're either authorized by the gov't to have it (so you will have the same controls) or it's been sanitized to the point of it not being that big of a deal if it's leaked. You'd have to be able to put together a whole bunch of different pieces of information to make anything of it.
-
@gjacobse said in (Air Gapped) Data Storage and security:
Can you (how do you) air gap and secure data and still be able to make it available to an (end user)?
Once the user can get to it, it's not air gapped any longer.