Proposed feature: Total Network Isolation

[syd]

EasyOS' security developments are interesting: Easy Containers, run as root, totally isolate drives.

However, while using the PC, some hackers can still access an OS via networking, bluetooth, or smartphone hacks / tricks, and can copy the screen / keystrokes / or files created. So I'd like to propose a further security measure:

"Total Network isolation": This could be a boot menu option to "Copy session to RAM & disable drives & all Networking" (wireless, wifi, bluetooth, ethernet, network services, most used ports, etc.). This would allow the user to comfortably work on the PC while completely isolated from both internal drives and the outside world - and away from prying hackers eyes and malware.

[Clarity]

I may be missing something. Please help me.

Why not do:

• dont start Wifi

• dont start Bluetooth

• dont start ethernet networking (or pull the ethernet wire out)

for isolation.

[bugnaw333]

I may be missing something. Please help me.

Why not do:

• dont start Wifi

• dont start Bluetooth

• dont start ethernet networking (or pull the ethernet wire out)

for isolation.

I am doing that when I use Windows...

[syd]

Clarity wrote: "Why not do: dont start Wifi; dont start Bluetooth; dont start ethernet networking (or pull the ethernet wire out) for isolation."

Obviously you've never been hacked. Computers are a can-o-worms; turning network items off doesn'tnecessarily mean that they aren't still broadcasting. And then you still have ports accessable; network services available; flimsy firewalls, etc. Some computer manufacturers and developers don't factor much security into their works.

Nevermind, I found a distro that does the network isolation feature.

[Clarity]

As far as I know, you can only hack via something has a active port via something physical.

Wireshark was a great tool for monitoring as well as other tools and those I've used from Cisco, etc.

What did you find, as I would like to review.

[syd]

Clarity wrote: "As far as I know, you can only hack via something has a active port via something physical."

That's what most ppl assume, but having been hacked many times by dodgy ppl sitting near to me with smartphones, I think that hackers can use smart devices to send signals to a computer, and gain access to it - even if you think wifi / bluetooth is "off". For example, hackers have sent a "shutdown" signal to my computer to turn it off while I was using it. Such smartphone / hacking tricks are on youtube.

The Linux "Lernstick EDU" version just got a very good review on Distrowatch:

https://distrowatch.com/weekly.php?issue=20231211

The other version - "Lernstick Exam" - has drive & network isolation - (but unfortunately it blocks USB drives as well):

"The learning stick EXAM exam environment is a special version of the learning stick in which access to Ethernet, WLAN, Bluetooth and local storage media (internal hard drive, other USB sticks) is initially prevented by default."

https://www-bfh-ch.translate.goog/de/fo ... _tr_pto=sc

[Clarity]

Most importantly: If it addresses your requirement, it all you need.

P.S. The review mentions "wireshark". You might want to take a look at how it can provide comfort too.