Best way to block a drive from the internet?

Discussion in 'other firewalls' started by justenough, Jul 5, 2013.

Thread Status:
Not open for further replies.
  1. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    I have 2 backup drives, one internal and one plug-in. I don't see why either one would need access to the internet. I'm using the Windows 7 x64 firewall along with Webroot SecureAnywhere. Can they block the drives from the internet? Can another firewall like Online Armor do that? Or is there a better way than using a firewall?
     
  2. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    check your log files! or provide more details of that drives :rolleyes:
     
  3. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    Perhaps I wasn't clear in my question or you didn't understand it. I would like to know in general if a firewall can block a backup drive from accessing the internet, and if not then what other method is there?
     
  4. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    How can a backup drive access the internet? By its own? The hardware calls the internet? You need to be more specific, that's why the question of the previous user. Otherwise your problem makes no sense. :)
     
  5. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    Really? I'm certainly capable of making no sense, but I'm surprised this is one of those times. If malware got onto a backup drive, couldn't it try to connect out?
     
  6. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    It must first infect the OS (running somewhere I guess, lol) to access whatever devices connected to the infected system. So, unless you explain better what you mean, it's hard to provide a sensible answer.
     
  7. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    The malware on your backup drive would have to execute and get into memory before it could connect out. Just being a dormant file residing on the drive itself would not cause any network concerns. Your concern would be addressed by blocking anything from executing from your backup drives.
     
  8. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,063
    Location:
    Netherlands
    1 + 4 = easy, 2, 3, 5 = requires some knowledge, 6 = requires OS-knowledge

    1. Disconnect drive (plug-in)

    2. Encrypt drive

    3. Use a NAS and require user ID/password for (session) access

    4. Use a special application see hxxp://en.softonic.com/s/drive-lock-software-windows-7 for (usage) acces

    5. Look for confidential folder or block file access options in software (like DefenseWall Firewall has, AppGuard and Sandboxie). This will stop guarded (untrusted) applications seeking internet connection to be unable to read them.

    6. Set an ACL on it for users, see picture (you need to run explorer as admin, with right click mouse, properties, security tab, to reset these permissions again).
     

    Attached Files:

    Last edited: Jul 5, 2013
  9. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    That makes sense, thank you. Any suggestions about the best way to block anything from executing from a backup drive?
     
  10. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    Thank you Kees, as usual I understand how to do about half of that, but I'll look into the rest and put in place as much as I can. I was beginning to wonder if I could use Sandboxie to limit what the files on the backup drives could do.
     
  11. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    You could use Windows 7 AppLocker. The default ruleset should be enough to accomplish your goal.
     
Loading...
Thread Status:
Not open for further replies.