I'm looking for a secure and practical method to transfer files from my trusted PC to an untrusted PC. I can physically access both machines, but I'm worried that creating a direct connection might allow the untrusted PC to send malware back to the trusted one. The safest method I thought of is using cloud storage like Google Drive or OneDrive, where I would upload from the trusted PC and then download on the untrusted PC. Is this method safe? Are there any quicker or safer alternatives?
3 Answers
Using cloud storage isn't a bad idea, but it's worth noting that if there's malware on the untrusted PC, it could theoretically access your cloud account or corrupt your files. A thumb drive or external hard drive is generally the safest option. Just make sure to securely wipe it after its use with the untrusted PC. In general, avoid connecting untrusted PCs to your main network; I set up a separate VLAN and firewall for them. Stick with the thumb drive method!
Consider what you need for the transfer. Do you require encryption and identity verification? If security is a priority, SCP (Secure Copy Protocol) over SSH might work well since it only relies on a public key on the untrusted device, minimizing exposure. You could also use PGP for file encryption to maintain integrity, even over a risky connection. Just remember, this is all push-based, so you won't be giving the untrusted PC any access to your trusted device.
My main concern is preventing the untrusted device from infecting my trusted one. If there's a direct connection, can the untrusted PC only receive files and not send anything back? Is SCP a good fit for this scenario?
One quick way is to upload the files to Google Drive and just access the download link from the untrusted PC. You don't even have to log into your account on that one!
What if I create a separate Google account just for these transfers? Would that be a good idea?
My untrusted PC is also isolated on its own VLAN. How exactly do I securely wipe the drive? Just formatting it in Disk Management? Also, what does it mean to "set up a share" on the untrusted PC? Is that secure?