secure boot/OS options for multi purpose system - part messy, part clean

MGediG

Honorable
Sep 3, 2015
35
0
10,540
Trying to figure out the most secure way to implement a multi purpose setup with a view to keeping a part of the system extra clean and secure - dedicated to online trading, gambling and accounting purposes.

Then keep that segregated from other areas dedicated to:

- gaming (various community patches, .exe files, mods etc and all the risk that entails)
- video editing, including possibly one or 2 copies of editing software that may possibly have fallen off the back of a lorry in China.
- MAYBE torrents and/or newsgroups.
- general hacks and tweaks to improve the system that may not be approved by Microsoft and/or Apple overlords and be by vetted and identifiable publishers.


So, I have a hackintosh build at the moment with dual boot/dual HD Windows 10 and OSX. The original plan was the Mac was the secure trading system, but now I'm moving towards a piece of software that I need to implement automated trading that is PC native (MetaTrader). So, I'm paranoid about trading on my gaming HD/OS, which I generally treat with less caution than the Mac OS. There is also the benefit of the systems being incompatible. So if I happened to open a dodgy .exe on the PC when installing a gaming mod, it's unlikely to leap over to OSX.

I considered adding a new drive and a new copy of Windows 10 or 7 (I have a 7 disk somewhere), triple booting and calling the 2nd copy of Windows my secure system. But, I realise if the partition can be seen from one Windows boot to the other that kind of ruins the plan, even if they are on separate HDs. Unless I disconnect the more scary HD each time I boot up the trading "clean" HD/OS. Is that correct?


Any suggestions would be appreciated outside of building a new system. This is about as powerful a machine as I can make for a long time, so it needs to serve many functions.


Obtaining another copy of any necessary OS is not an issue.

Also interested in hardware solutions, such as a hard drive bay that allows me to easily unplug an internal (at the flick of a switch perhaps?).

Your help is greatly appreciated.
 

MGediG

Yeah, I was kind of stream of consciousness heading towards that in my post I guess, but, wondering what the general security considerations are for this objective, and if physically isolating them will be a good answer. OR, if it's not necessary, what another solution might be.

Cheers - hotswap could be good though as one option ;)
 


The other option I thought of (physical isolation is probably excessive) would be to run your "secure" trading OS in VirtualBox or the like.
 

MGediG

Hi guys, so I kind of burnt out on troubleshooting various computer issues after I posted this but now have returned to it and settled on the solutions so wanted to post back here in case anyone comes across the thread looking for a similar solution.


Decided on the hotswap as it puts my mind at rest. I found this informative thread with this post in particular being very helpful summing up the gist of what needs to be considered and what solutions can work:

http://windowssecrets.com/forums/showthread.php/153800-Dual-Boot-Security?p=905323&viewfull=1#post905323


Basically isolating the different boots physically is kind of like wearing belts with braces and then safety pinning it, but that's simply the most secure and cut and dried solution. Then of course when booting each setup, remembering to eject each unused drive so the different boots and other drives literally never come into physical contact through the computer system is a little bit of hassle each time you want to swap between the various tasks, but a bay like this looks good and fairly efficient, or any other equivalent:

http://www.amazon.co.uk/Icy-Dock-ExpressCage-MB324SP-B-Backplane/dp/B00WBEZYVI/ref=cm_cr_arp_d_product_sims?ie=UTF8


Then lastly considering the boot order when ejecting and reinserting the various boots is important, if it matters to you (it is for me when I do my standard "dirty" gaming Windows or Mac OS hackintosh boot as I want the Windows to boot first automatically and then select OSX manually when I want to do editing or other designated Mac tasks). The BIOS resets its boot order each time there is a new configuration of drives... there are some other details in this thread that may be helpful, I've only skimmed it so far ;)

http://www.tomshardware.co.uk/forum/266069-32-dual-boot-swap-caddy




Additionally also considering some sort of setup where I can allow myself to download torrents or newsgroups on my OSX install, but through a virtual machine and direct to an external HD (or one of the hotswaps), in order to have some sort of safety net for that activity and keep the OSX fairly clean too. I have a lot of editing projects already in OSX software, along with a lot of movie files on OSX format drives, so it makes sense to keep that trend but keep the install as safe as it has always been. The only real danger zone would be the gaming install.
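
The hot-swap routine described in the post above depends on remembering to eject the other drives before each boot. The following check is an added example, not part of the original post: run from the "clean" Windows boot, it compares every attached disk against an allowlist and fails if anything else is present. The serial number shown is a constructed placeholder and `Test-DriveIsolation` is a hypothetical helper name; `Get-Disk` is the standard Windows Storage module cmdlet.

```powershell
# Added example: run from the "clean" Windows boot before opening the trading software.
# The serial below is a constructed placeholder. List the real ones with:
#   Get-Disk | Select-Object Number, FriendlyName, SerialNumber, BusType
$AllowedSerials = @(
    'CLEAN-DRIVE-SERIAL-PLACEHOLDER'   # the clean trading drive
)

# Hypothetical helper: returns whether every attached disk is on the allowlist,
# plus the list of disks that are not.
function Test-DriveIsolation {
    param(
        [Parameter(Mandatory)] [object[]] $Disks,
        [Parameter(Mandatory)] [string[]] $Allowed
    )
    $unexpected = @($Disks | Where-Object {
        # Serial numbers are often reported with padding, so trim before comparing.
        # A disk that reports no serial at all is treated as unexpected (fail closed).
        $serial = "$($_.SerialNumber)".Trim()
        $Allowed -notcontains $serial
    })
    [pscustomobject]@{
        Isolated   = ($unexpected.Count -eq 0)
        Unexpected = $unexpected
    }
}

# Get-Disk lists internal, hot-swap bay and USB disks alike.
$result = Test-DriveIsolation -Disks @(Get-Disk) -Allowed $AllowedSerials

if ($result.Isolated) {
    Write-Host 'Only allowlisted disks are attached.'
} else {
    Write-Warning 'Disks outside the allowlist are attached to this boot:'
    $result.Unexpected |
        Format-Table Number, FriendlyName, SerialNumber, BusType, Size -AutoSize
    exit 1
}
```

An external drive that is meant to be attached to the clean boot has to be added to the allowlist, otherwise the check reports it.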
 

MGediG



From what I read in the first linked thread above, it's actually the other way around if you want a secure system using virtual machines. So, the host system needs to be the clean one, and the client virtual system can be the "dirty" system. The virtual system can't do anything to the host, but the host is the start point for the virtual system so the virtual system is theoretically as clean as the host is.
 