Two computers hooked together firewall logistics

excalibur3

Member
Oct 14, 2005
I have an instrument that runs off a computer that runs Windows XP (Computer A). It is also used for image processing, but we would like to hook it up to a network with another computer (Computer B) so both can take images off the same hard drive and process data twice as fast. The issue is that Computer B is hooked up to the internet, and we are nervous about allowing Computer A to get on the internet because the instrument that it is hooked up to cost $500k (viruses, spyware, etc. worry us most). Is there a way to allow Computer A and B to share data with each other without making Computer A vulnerable to malicious attacks?
Thanks!
Stephen
 

nweaver

Diamond Member
Jan 21, 2001
1. If any box in the org is on the internet, then it makes every box vulnerable to worms, so having boxA not on the "internet" doesn't necessarily make it that much more secure against worms. Any non-worm exploit that uses web pages to spread won't affect it, but discipline in not browsing the web is just as effective.
2. Use common network security practices (S/W firewalls, A/V, patched OS, etc). I would worry more about boxA not getting patches because it's not on the internet.
 

excalibur3

I guess my professor heard of a colleague who lost a lot of information because of a virus crash on a computer hooked up to the internet. To be honest, I really wish that it was running Linux, OS X, or something that was more secure than I perceive Windows to be. Should I use ZoneAlarm firewall, Norton, or what exactly do you recommend?
 

nweaver

Security is in the user/admin

I don't know much about Windows S/W firewalls; I ran (run) my only Windows box on a Linux-only network, with a heavy iptables-based Linux router between me and the world. The one thing to realize is that worms spread from machine to machine, through remote vulnerabilities. Viruses are spread by browsing the web and/or opening/running malicious files, such as email attachments, adware bundled with some software, etc.

I would find a decent (XP SP2's is OK imho) inbound S/W firewall that will allow you to open ONLY the ports required to share the files, and then ONLY with box B. Then I would keep that box patched (only time it should have a browser open) and a decent realtime virus scanner. DON'T OPEN EMAIL or INSTALL QUESTIONABLE SOFTWARE!!!

If possible, run as a limited user, with the "run as" used for anything required that won't work as limited user (usually a quick call to tech support can help get reg/file permissions for the limited user) and just use common sense.
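
An added example, not part of any post in this thread: one way to apply the "file sharing only, and only with box B" advice using the built-in Windows XP SP2 firewall from a command prompt on Computer A. The address 192.168.10.2 for Computer B is a constructed placeholder and assumes B has a fixed address on the local network.

```batch
@echo off
rem Added example, not from the thread. Run as an administrator on Computer A.
rem Assumption: Computer B has the fixed address below (constructed placeholder).
set BOX_B=192.168.10.2

rem Turn the firewall on for all profiles and honour the exception list.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL

rem Weak form, shown for contrast only: file sharing open to every address.
rem netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=ALL

rem Corrected form: the file and printer sharing ports (TCP 139, 445 and
rem UDP 137, 138) accept connections from Computer B only.
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=CUSTOM addresses=%BOX_B% profile=ALL

rem Close the other built-in exceptions so nothing else listens to the network.
netsh firewall set service type=REMOTEDESKTOP mode=DISABLE profile=ALL
netsh firewall set service type=REMOTEADMIN mode=DISABLE profile=ALL
netsh firewall set service type=UPNP mode=DISABLE profile=ALL

rem Log dropped packets so unexpected connection attempts can be reviewed.
netsh firewall set logging droppedpackets=ENABLE connections=DISABLE

rem Review the result: firewall state and the scope of each service exception.
netsh firewall show state
netsh firewall show service
```

Any program or port exceptions added earlier stay in place, so check `netsh firewall show allowedprogram` and `netsh firewall show portopening` and remove entries that are not needed.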