A dedicated OS for secure online banking?

On Sun, 30 Aug 2015 17:46:01 +0000, SimonG wrote:

> When I thought about its importance to me - or rather the potential
> implications/cost of a security breach – versus the low cost of basic
> computer components these days, in the end, I decided to build a new
> desktop, wholly dedicated to secure online transactions.
> Even though it is a low spec/cost, basic machine, I’m sure many would
> consider it overkill, but at least I can sleep at night.

I don’t think it’s that many might consider it overkill so much as many
might get the not-incorrect assumption that you are not performing a good
risk assessment, and your lack of knowledge on the subject is leading you
down a path of trying to do more than you probably need to rather than
learning more about computer security risk assessment.

As tsu points out, there are many, many attack vectors that you’re not
considering in trying to secure this machine to deal with secure online
transactions - by definition, that’s a system that cannot be airgapped
(i.e., you can’t do secure online transactions and not be online). Whether
you’re directly connected to the Internet or on a LAN connected to the
Internet is a fine distinction, not a major increase in security -
because the larger risk is the Internet, not a local LAN - especially a
wired one that requires physical access to access.

Part of feeling secure is properly evaluating the risks and understanding
the tradeoffs. If you have an encrypted volume (for example), that you
leave mounted all the time on a system that’s always turned on, that
volume will generally be accessible to anyone who accesses the system.

It’s also important to understand that data, once it leaves your machine,
is “at risk”. The question is what level of risk is acceptable - you
won’t get a 100% guarantee of no risk - that’s simply not possible.
There’s a reason why when Windows NT was certified C2 “Orange Book” by
the US Government, the certified configuration was disconnected from the
with no external media access (i.e., no USB ports, no removable
media of any kind).


