Does blocking internet on computer make it secure?

[subie]

Hello,

This is from my limited understanding about security, I'm trying to block internet access on a computer using a router. In my understanding, if there is no internet then hackers won't be able to get into the computer.

The locked computer would be limited to the local network, other computer can access the computer through remote desktop. They can still use internet on their computer, they can only access the locked computer through remote desktop. and physical access to it would not be possible.

Does blocking internet on a computer make it secure? or is this setup not secure?

Thank you!

 

[ColinTaylor]

Blocking the internet will improve security but it won't make it totally secure (nothing is totally secure). Common security threats like browsing web pages or downloading emails/software that contain malware will of course be stopped. But there's also physical security, like someone plugging an infected USB device into the PC.

However, as we have seen in the past, some of the most devastating malware infestations have been spread from one infected computer to all the others on the LAN. So all computers on the network, whether they have internet access or not, need to be fully patched and have up to date anti-virus protection.

So having a PC that is 99% secure as opposed to 98% secure is no comfort when you get hit by that 1%.

 

[RMerlin]

Computers can also be infected by other computers on the same LAN.

 

[subie]

Thank you ColinTaylor and RMerlin for the advice!

Would using Remote Desktop as the way to connect to the secured computer, can the secured computer still be infected through the LAN?

I will be using a program that can be use for offline update called WSUS Offline Update, I would update it manually.

 

[ColinTaylor]

Would using Remote Desktop as the way to connect to the secured computer, can the secured computer still be infected through the LAN?

If the only network connection to the PC is RDP then you would think that it would only be susceptible to vulnerabilities in RDP. In reality there are probably other potential security issues. Presumably the PC is connected to a router that provides it with a DHCP address and DNS services. As we have seen in only the last couple of days, there were security issues found with the routers DHCP/DNS servers. Does the router see other "network shares" on the LAN? There's a potential vulnerability there as well.

 

[RMerlin]

The only way to truly completely secure a computer is to unplug the network connection, and disable USB ports. Otherwise, as soon it gets any network access or allows a user to plug a USB disk, you have a potential attack vector.

At this point you have to ask yourself what you are trying to protect yourself against. If you're a terrorist and need to ensure that a three-letter agency cannot compromise your system, then unplug the network and disable USB port. If you're a normal user and you want to ensure you're not affected by regular viruses and malware, then keep the OS up-to-date, disable unneeded services, and run a reliable security suite.

Home users don't need a bank vault door as their front door. It's always a matter of needs versus effort.

 

[coxhaus]

I think the only true guarantee is to unplug the network cable and not plug in back in. Then you have to hope something did not happen before you unplugged the network cable.

You never know where a vulnerability will crop up until it happens and then of course it is too late. This is something we all live with.

 

[subie]

Thank you everyone for the helpful input!

 

[System Error Message]

blocking internet does not increase security, theres still LAN and removable media which can spread malware and such.