
I want the hard disk where my data is stored to be secure from foreign external access. Is there a physical possibility to protect my hard disk or any kind of data storage, like a computer architecture where my memory is physically disconnected from the whole system as long as I want to access it?

schroeder
Khan
  • Not my downvote, but I think your question is a bit unclear. What do you mean by "disconnected from the whole system as long as I want to access it"? – Anders May 10 '16 at 13:27
  • Something like an external USB-Harddisk? It is disconnected until you plug it in. – Tokk May 10 '16 at 13:42
  • My English is maybe not good enough to formulate my question. I want a data storage completely separate from a computer, like an unplugged USB stick. That is what I mean by disconnected. – Khan May 10 '16 at 13:46
  • What do you mean by "architecture"? If you use a USB stick and only connect it when you need the data from it, does that satisfy your question? If not, why not? – schroeder May 10 '16 at 14:34
  • An external hard disk is not a computer; it is plugged in to a computer. But I don't want to plug my USB hard disk into my computer before I can boot my computer and then unplug it for safety. I want a computer where the hard disk is UNPLUGGED automatically, physically, without software, when I don't want to access it. Only if I want to access my data should the computer connect to my hard disk. If the answer was only "BUY a USB HARDDISK" I would not try to ask it here. WTF guys.... – Khan May 10 '16 at 16:13
  • @Khan what you just described is not an "architecture". Having a robot hand unplug a storage device is merely a convenience feature. The problem we are having is that you seem to want the *computer* to decide that it's time to connect or disconnect storage, and to do that, it will never be "completely separate". That's why we are suggesting an external party (you, the user) making that decision. – schroeder May 17 '16 at 00:09

1 Answer

What you are asking about for your storage is often called an air gap. You can build it quite easily in a number of ways. But there are plenty of drawbacks:

  • Whenever you want to do something with your data, you will have to connect your memory. Anyone attacking you will simply wait for that moment. Stuxnet seems to have worked that way. Computer viruses have generally known how to cope with this since the beginning, when they used to spread via floppy disks. I have not checked in detail, but I guess recent ransomware hibernates for some time on the victims' computers to make sure that enough relevant devices are mounted (Neal Stephenson even wrote a novel around that plot: Reamde).

  • Additionally, if you need to work with the data on a regular basis, mounting and dismounting the device will be quite burdensome. So you, or whoever is supposed to use the system, might get bored and stop disconnecting.

Still want to do it?

  • As mentioned by others, you can use a thumb drive, external hard drive, SD-card, etc. If you want to defend your data against destruction (e.g. ransomware), a device with write protection (e.g. SD Cards) might be preferable.

  • By the way, you can also physically disconnect an (additional) internal hard drive.

  • If you are not so strict about the disconnecting being physical, you can simply unmount your drive (please check the specific steps needed on your OS). A casual attacker might miss an unmounted drive, but I would not rely on that.

  • Last, but not least, you can put your data on an encrypted partition (e.g. using VeraCrypt or BitLocker). Unmount the partition when not in use. Actually, while this is not exactly what you asked for, it probably will be your best choice in most scenarios, as it protects against a whole number of attacks. You can put that encrypted partition on an external drive, if you still want your physical separation. Also, be sure to back it up frequently to prevent destruction by ransomware.

schroeder
Vincent
  • Thank god I managed to formulate my question so at least one understood it. – Khan May 10 '16 at 16:42
  • @Khan: except for air gapping, none of what Vincent actually mentioned is true physical separation though, but air gapping still requires manual connection and separation. Essentially, the only practical air gapping you can do at home boils down to using an external USB hard disk. You may be able to build a robot hand that can connect and disconnect connectors, but if this robot hand can be controlled from the system (by software), then it's still again not true physical separation. – Lie Ryan May 11 '16 at 01:36
  • Yes, and that was actually what I was asking for too. Is there an architecture where the "robot" to disconnect and connect is not part of the system? On a smartphone, for example, it could be a button that powers off the connection from data storage to system. And if the system has an operating system on read-only memory, could that work? – Khan May 12 '16 at 10:26
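
The answer's advice to unmount the data volume when it is not in use, and its warning that users stop disconnecting out of habit, can be checked rather than trusted. The following is an added example, not part of the original post: it parses Linux `/proc/mounts` text and reports which protected mount points are currently mounted and whether they are writable. The mount points, device names and sample data are constructed assumptions.

```python
import re

# Constructed sample in Linux /proc/mounts format; not taken from a real system.
SAMPLE_PROC_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
/dev/mapper/veracrypt1 /mnt/vault ext4 rw,relatime 0 0
/dev/sdb1 /media/user/SD\\040CARD vfat ro,nosuid,nodev 0 0
"""


def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as octal (\040 etc.)
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def audit_mounts(proc_mounts_text, protected):
    """Return {mount_point: state} for each protected mount point.

    state is 'unmounted', 'mounted-ro' or 'mounted-rw'.
    """
    state = {mp: "unmounted" for mp in protected}
    for line in proc_mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed or empty lines
        mount_point = _unescape(parts[1])
        if mount_point in state:
            opts = parts[3].split(",")
            state[mount_point] = "mounted-ro" if "ro" in opts else "mounted-rw"
    return state


def exposed(proc_mounts_text, protected):
    """Protected mount points that code running on the host could modify now."""
    states = audit_mounts(proc_mounts_text, protected)
    return sorted(mp for mp, s in states.items() if s == "mounted-rw")


if __name__ == "__main__":
    # Hypothetical list of volumes that should normally be disconnected.
    wanted = ["/mnt/vault", "/media/user/SD CARD", "/mnt/backup"]
    for mp, s in audit_mounts(SAMPLE_PROC_MOUNTS, wanted).items():
        print(f"{mp}: {s}")
```

On a live Linux system, pass the contents of `/proc/mounts` instead of the sample string; `mounted-ro` reflects only the mount option enforced by the operating system.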