| Index | Recent Threads | Unanswered Threads | Who's Active | Guidelines | Search |
 |
World Community Grid Forums
Category: Support
Forum: BOINC Agent Support
Thread: BOINC on an off-line computer |
| No member browsing this thread |
|
Thread Status: Active Total posts in this thread: 26
|
|
| Author |
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
I have both computers.
This one is connected to the internet, obviously, and to the other one through a LAN. Both computers are controlled through a KVM switch. This one cannot see the other one over the LAN. The other one can see this one over the LAN. With this setup i think (hope) that the sensitive information on the other one will not be visible to any malware i might get on this one. Expert comment will be welcome on this point. This is why i say there will not be an internet connection on the second machine. UD was no problem and i was hoping i could use BOINC now i have had to change. Thanks for all the replies, i was hasty with my comment. |
||
|
|
Sekerob
Ace Cruncher Joined: Jul 24, 2005 Post Count: 20043 Status: Offline |
If one PC is connected to the internet in the LAN look at the Internet Sharing function of Windows. Works pretty seemless on WinXP. In that case all the sneakernetting would not be needed.
----------------------------------------About one seeing the other and the other seeing this one, i've had a long struggle which is firewall related where i cant get BOINCview (3rd party add-on) to see one particular client, which in turns sees all in the network. It's something with 2 software firewalls fighting each other over the specific 31416 port used by BOINC. If either of the 2 is off, it works fine.
WCG
Please help to make the Forums an enjoyable experience for All! |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
This one cannot see the other one over the LAN. The other one can see this one over the LAN. With this setup i think (hope) that the sensitive information on the other one will not be visible to any malware i might get on this one. Expert comment will be welcome on this point. If machine A can see machine B, then B can at the very least see that A exists. (After all, the only way a machine can "see" another is to see a packet from it and usually it will send one in order to get one, and at that point any software with access to the network knows that both machines exist.) Whether software on B it can successfully mount an attack on A depends on how secure the other machine is and whether it's running any software that can be exploited. |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
The internet machine has one shared folder.
The second machine has no sharing set. I use the KVM switch to access the second machine and then use that single folder as a port for dragging and dropping. Even if malware could see the shared folder on the internet machine it still could not access the second machine (i hope) because there is no sharing allowed. So if i keep the internet machine clear of malware the sensitive information on the second machine should be safe. I've just gone dual-core on the internet machine and i can now run all the security software while listening to the radio or even watching tv :-). |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
It's more complicated than that. Unless you know exactly what you are doing, you should treat the second computer as exposed to the Internet (in which case it is probably safer to give it a real Internet connection, and take all the normal precautions). Overly paranoid, perhaps, but no more paranoid than what you're trying to do.
In short: just share the Internet connection. If you really don't want to do this, then you can install proxy software on the first machine. Again, this is non-trivial if you haven't done it before. |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Are you saying that although the second machine has no internet connection and is not visible over the LAN malware could still gain access to it? How is this possible?
I don't understand proxies so i wont be using that. |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
That's just it. If you don't understand exactly what is going on, it is easy to leave your computer less secure than you think it is. As Kremmen explained, the computer must be visible on the LAN to a certain degree. The visible shared folder is just the tip of the iceberg, and File and Print Sharing has had a few vulnerabilities in the past. For example, there are the default shares - if you set it up wrong, you may be sharing your entire hard drive and not know it. There are circumstances also, if you rely on a workgroup instead of a domain, when these shares can be accessed with no password at all.
Later versions of Windows are better at closing these vulnerabilities, but my personal opinion is that treating any machine with an active LAN connection as "isolated" is a mistake. If you really need an isolated machine, pull the network cable. If not, then you might as well have the convenience of Internet access. |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Thank you, i'm going to have to rethink this.
|
||
|
|
www.EverestPoker.org.uk
Cruncher Joined: Dec 13, 2007 Post Count: 3 Status: Offline |
Just put the computer on the Internet, it's so much easier and isn't that big a threat that the scaremongers would like you to believe.
Install an antivirus, use basic precautions, there won't be a problem. And always wear a seatbelt. |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
I think the most important things you can do are:
a) Don't download rubbish. I dare say most malware gets onto people's machines by them downloading something from an untrustworthy site or from a "friend" whose machine is infected, etc. I always download software from a trusted source (preferably the company which produces it or sourceforge or cnet, etc). b) Be unseen. Most direct attackers on the net are scanning thousands/millions of IP addresses. If they scan your IP address and get no response, they will assume there is nothing there and go on their way. Many broadband modems will reply to packets from the outside world even if they have a firewall function enabled. (... stupid of them, but it's the way it is. The reply is a rejection, but it still tells the attacker that there's something there.) If you forward all incoming traffic to a firewall and then silently drop all incoming packets that aren't in response to something you sent out, you're invisible. Shields Up on GRC's web site is an easy way to test how visible your system is to outside attackers. (I do have a few ports open for IMs to use, but they are way above the usual services range, so an attacker would have to probe thousands of ports to hit one and then there would need to be a vulnerability in Miranda for it to be useful to them.) fwiw, I've been online for 18 years and never had a virus or an anti-virus program on any of my home machines. |
||
|
|
|