Moving files between two PCs (un-networked), the best way?

sram

[H]ard|Gawd
Joined
Jul 30, 2007
Messages
1,468
Hi,

Let's see if I can explain this properly. In one of our work environments, there is a need to very frequently move files between two computers while each is connected to a different network (or you can say one is a standalone computer). In usual cases, one would set up a shared drive between the two computers after joining them into the same network. We don't want to do this. Why? Let's say one is a production network and one is a public network and we don't want to expose the production network. So, other than using a flash drive to continuously move files between the two computers, which can get very impractical, what would be a more efficient way from a networking perspective? Actually linking the two networks and setting a firewall between them may be going too far, I think. I don't know, maybe there is a way I don't know about. You know, flash drives are the best when it comes to spreading viruses/malware.

Thanks.
 

Zepher

[H]ipster Replacement
Joined
Sep 29, 2001
Messages
19,547
Is it possible to add a second NIC to each one and run a cable between the 2?

Google Drive or Dropbox?
 

sram

[H]ard|Gawd
Joined
Jul 30, 2007
Messages
1,468
Is it possible to add a second NIC to each one and run a cable between the 2?

Google Drive or Dropbox?

With a crossover cable? Yeah, I guess they both should have an empty slot for a 2nd NIC... You know, I never connected two computers in this fashion before, how do you proceed then? What configuration/settings do I need to mess with? And if I go this way, with the exception of files I want to move intentionally, will there be a way for other files to move back and forth? You know I want to block accidental or malicious intentional file transfer between the two computers. I'll go research that myself now, but help is always welcome. Thanks.

Google Drive or Dropbox: Not an option because the info is classified. Don't want to host it on the internet. Thanks.
 

Zepher

[H]ipster Replacement
Joined
Sep 29, 2001
Messages
19,547
I did it back in the day when Gigabit was new for the consumer, bought 2 gigabit NICs and slapped them into my PC and server and used a straight cable since Gigabit has Auto-MDIX so no need for a x-over cable.
I think I just made static IPs for both cards. This allowed me to have normal internet on both machines on the 10/100 NIC and fast copy speeds between the PC and server over the gigabit NIC.
Gigabit switches came down in price so I no longer needed to do that.

Probably go with 10GbE now since they are cheaper.
 

sram

[H]ard|Gawd
Joined
Jul 30, 2007
Messages
1,468
None of this sounds like a good idea. These networks seem to be airgapped for a reason and any kind of communication between them is going to invite issues. I suggest you look at re-architecting the solution.
You are exactly right!

Re-architecting the solution: This is where I need help, hence this thread.
 

Eickst

[H]ard|Gawd
Joined
Aug 24, 2005
Messages
1,884
You *could* do a cheap iSCSI box, make two volumes in it, expose volume A to computer A as read/write and to computer B as read only, and volume B could be read/write to computer B and read only to computer A.

Then the machines would get connected directly to the iSCSI box NICs, you would put each link in its own subnet.

Hard to do this safely without clustering of some sort. The above is the only way I could think it up in under a minute off the top of my head.
 

Mr. Baz

2[H]4U
Joined
Aug 17, 2001
Messages
2,815
None of this sounds like a good idea. These networks seem to be airgapped for a reason and any kind of communication between them is going to invite issues. I suggest you look at re-architecting the solution.

Exactly my thinking. There is a reason the two computers are not on the same network. The solution cannot be "connect the two computers to another network in which they see each other." This is a blatant violation of policy.

Either deal with the USB drive or run the issue up the chain. It is probably someone's job to architect the solution for you.
 

pek

prairie dog
Joined
Nov 7, 2005
Messages
2,271
Or, like Eickst said, but with something like a QNAP network storage box. The newer ones have 2 NICs (1 gig copper), add a new NIC on each PC, set them up for a non-routable subnet with the QNAP box. Set up a new account on each PC, the account on PC-1 (the one with classified data) has read/write permissions on the QNAP (it is the account for file-transfers only), PC-2 has a read-only account (on the QNAP, not the PC). Set up Qsync (or the equivalent for the storage box you get, you do NOT need to use the special Qsync folder to copy files, you can set it up to watch a certain folder/directory) on PC-1 to move files back and forth, then set up the user from PC-2 with read-only access (or read/write if needed, depends on your requirements) to the shared folder/directory to copy changed files to that PC. DISCLAIMER: I haven't tried this myself, my QNAP is set up for online backups using Qsync, but not with a read-only account on another PC, the accounts I use to back up to the QNAP are allowed read/write and all my PCs are Windows. Plus, check with your cyber people to see if this is permissible.
 

sram

[H]ard|Gawd
Joined
Jul 30, 2007
Messages
1,468
Or, like Eickst said, but with something like a QNAP network storage box. The newer ones have 2 NICs (1 gig copper), add a new NIC on each PC, set them up for a non-routable subnet with the QNAP box. Set up a new account on each PC, the account on PC-1 (the one with classified data) has read/write permissions on the QNAP (it is the account for file-transfers only), PC-2 has a read-only account (on the QNAP, not the PC). Set up Qsync (or the equivalent for the storage box you get, you do NOT need to use the special Qsync folder to copy files, you can set it up to watch a certain folder/directory) on PC-1 to move files back and forth, then set up the user from PC-2 with read-only access (or read/write if needed, depends on your requirements) to the shared folder/directory to copy changed files to that PC. DISCLAIMER: I haven't tried this myself, my QNAP is set up for online backups using Qsync, but not with a read-only account on another PC, the accounts I use to back up to the QNAP are allowed read/write and all my PCs are Windows. Plus, check with your cyber people to see if this is permissible.
This is actually a nice idea. I will check it out. Thanks.
 

Machupo

Gravity Tester
Joined
Nov 14, 2004
Messages
5,502
This is why CD-Rs come in spindles of 100.

You are asking for trouble when you bridge intentionally air-gapped networks.
 

robjordan406

Limp Gawd
Joined
Oct 22, 2018
Messages
158
Anyone old enough to remember the old Direct link Cable (via LPT1 Port) that you would hook up between 2 computers to transfer files? When we finally got our hands on TCP/IP drivers from Microsoft and hooked up a network cable (in 1986), we were finally on "high cotton"...
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
5,399
Anyone old enough to remember the old Direct link Cable (via LPT1 Port) that you would hook up between 2 computers to transfer files? When we finally got our hands on TCP/IP drivers from Microsoft and hooked up a network cable (in 1986), we were finally on "high cotton"...
I do! I do! I still have the parallel port and serial cables somewhere...

Air gapped networks just don't need any physical or logical connection that could be to each other. Depending on how often the data needs to be refreshed, and if one is only reading while the other is read-write, a SATA hot-swap solution (internal or external) in each system with 2 different drives swapped daily would be easy and very fast. You'd write to the drive, take it to the other system and swap it with the drive in that system, putting it into the read-write system for updating. The most recent update would be on the read-only system and the read-write system would have a continuous mirror.

Now if the physical drive running is the problem, then a simple file server or NAS with 2 NICs will work, one NIC for each system. And an additional NIC in each system that connects to the file server. And then run a non-standard protocol on the second link, anything other than TCP/IP. This way, there's no common protocol across the airgap even if there is a breach in any system. I used to do this when I hosted a web server at home: the web server ran TCP/IP to the outside and ran LANtastic to the file server where all the data lived. Even if someone hacked into the web server, they would have gotten just that as they wouldn't have been able to get across to the file server in the same manner. Worked pretty well.
 

acquacow

Limp Gawd
Joined
Mar 7, 2016
Messages
462
1: Rsync/robocopy from each machine to a directory on a removable drive

2: Share two iSCSI or Fibre Channel drives between each machine (LUNs A and B)
- Machine A is the only one that can write to LUN A, but it can read LUN B
- Machine B is the only one that can write to LUN B, but it can read LUN A

Then you just set up rsync between them that way w/o a removable drive. It'll keep them from sharing networks, but you could still shuttle files around.
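
Added example, not part of any post in this thread: a sketch of the one-way volume scheme above in which Machine A writes a hash manifest next to the files it exports, and Machine B imports from the read-only volume only what that manifest lists. The volume and inbox paths, the `manifest.json` name and the suffix allow-list are all assumptions.

```python
import hashlib
import json
import shutil
from pathlib import Path

ALLOWED_SUFFIXES = {".csv", ".pdf", ".txt"}  # assumption: types approved by site policy
MANIFEST = "manifest.json"                   # hypothetical manifest name

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def export_files(files, volume):
    """Machine A: copy approved files to its writable volume and list their hashes."""
    files, volume = [Path(p) for p in files], Path(volume)
    bad = [p.name for p in files if p.suffix.lower() not in ALLOWED_SUFFIXES]
    if bad:
        raise ValueError(f"type not approved for transfer: {bad}")
    manifest = {}
    for src in files:
        shutil.copy2(src, volume / src.name)
        manifest[src.name] = sha256_of(volume / src.name)
    (volume / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest

def import_files(volume, inbox):
    """Machine B: read the (read-only) volume and import only files the manifest lists."""
    volume, inbox = Path(volume), Path(inbox)
    manifest = json.loads((volume / MANIFEST).read_text())
    accepted, rejected = [], []
    for entry in sorted(volume.iterdir()):
        if entry.name == MANIFEST:
            continue
        ok = (entry.is_file() and not entry.is_symlink()
              and entry.suffix.lower() in ALLOWED_SUFFIXES
              and manifest.get(entry.name) == sha256_of(entry))
        if ok:
            shutil.copy2(entry, inbox / entry.name)
            accepted.append(entry.name)
        else:
            rejected.append(entry.name)
    return accepted, rejected
```

Because the manifest lives on the same volume as the files, this catches stray or altered files but not a sender that is itself compromised; the read-only export of each volume is still what enforces direction.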
 