Since I started working with Snowden's documents, I have been using a number of tools to try to stay secure from the NSA.
The advice I shared included using Tor, preferring certain cryptography over others, and using public-domain encryption wherever possible.
Air gaps might be conceptually simple, but they're hard to maintain in practice.
The truth is that nobody wants a computer that never receives files from the Internet and never sends files out into the Internet.
(The ultra-paranoid way to do this is to buy two identical computers, configure one using the above method, upload the results to a cloud-based anti-virus checker, and transfer the results of that to the air gap machine using a one-way process.) 2.
Install the minimum software set you need to do your job, and disable all operating system services that you won't need.
So if you use a tiny transfer device, it can only steal a very small amount of data at a time.
But every time a file moves back or forth, there's the potential for attack. Stuxnet was a US and Israeli military-grade piece of malware that attacked the Natanz nuclear plant in Iran.You can also verify how much data has been written to the CD by physically checking the back of it.If you've only written one file, but it looks like three-quarters of the CD was burned, you have a problem.Malware can silently write data to a USB stick, but it can't spin the CD-R up to 1000 rpm without your noticing.This means that the malware can only write to the disk when you write to the disk.