If I boot from a linux usb stick and connect to the internet how can I block access to the ntfs drives on the internal HDD? I do not want my windows drives exposed to the internet. Is my only option to physically disconnect the internal HDD? Thanks for any help with this https://lqo-thequestionsnetw.netdna-...s_lq/icon7.gif

Do you want to prevent yourself from accidentally accessing the NTFS volumes, or malware from messing with them? Remove the NTFS kernel modules from the USB stick. You will find them somewhere under /lib/modules.

This solution is not watertight. Somebody could break into your computer and either use NTFS tools or reinstall the drivers to access the drives. Or simply download the entire drives and analyse them on their computer. Anything you disconnect via software can be reconnected via software. For 100% security, physically disconnect the drives.

1 members found this post helpful.

Simply umount them.
As pointed out, not totally safe, but will suffice to stop casual perusal.

1 members found this post helpful.

Thank you sygOO and berndbausch for your help and advice. My concern is to protect my internal HDD (ntfs partitions) from any harm from the internet i.e installation of any unsolicited s/w (malware, virus etc.) and also unauthorised access ie "breaking in". From your advice I'm thinking that my understanding of the how these undesirable intrusions could be prevented is not all it should be.
I have now learnt that I can get Linux to have the drive partitions unmounted and hidden. I presume that this would prevent any program from knowing of the existence of these partitions, while linux was operating. A windows exe file downloaded, under linux, to say my home directory couldn't run anyway? A linux executable file could run but what changes could it make without first having to provide my admin password or that of root?
In the same vein, how can someone break in to my computer (while linux was running) without having to supply either my password or that of root? Your advice wil be much appreciated.

To answer your last question first, neither Linux nor Windows computers are immune to breaking in. On both platforms, crackers take advantage of bugs in programs that run under a privileged user. Red Hat and its clones Centos, Scientific Linux and Oracle Linux minimize this by closing all network ports by default and through SELinux, a framework that prevents "owned" programs to cause damage beyond the files that these programs are supposed to access.

Not really. Once someone has access to your system, a look at /proc/partitions reveals what disks are there. Use a tool like fdisk, which is bound to be on your system, to find out what partition types there are. Then use NTFS utilities on your USB stick or install them. Access the NTFS partition and install your virus.

While it's an unlikely scenario (or perhaps not that unlikely? I am certainly not an expert in these matters), it's not at all impossible.

1 members found this post helpful.

So in practical terms, for maximum protection of the contents on my HDD I should quarantine the drive by physically disconnecting it. Thanks for this specific solution and thank you also for helping me see the need for me to develop a much better understanding of how a computer can be controlled /made to do things. I need to do a lot more reading/research.
Cheers,

i have yet to see a OS that dose not automount ntfs ( ntfs-3g) partitions as read ONLY ( except for root )

but to stop the auto mounting
add a line in fstab
or
write a udev rule for the partitions

there really is NO need to open the computer and unplug the ntfs formatted drive ( very bad idea)

now
if it is on a REMOVABLE drive , then just put it on the shelf with the rest

You could create a real install on a usb where you could remove your user from being able to mount ntfs.

I'd not sure that most distro's mount all drives at boot but maybe I'll check that in a few. At one time it was very difficult to access ntfs, then we got read support. Took a while to get read/write support but you used to have to manually tell the mount to mount it as ntfs-3g.

I have learnt that adding an appropriate line in fstab for each ntfs drive, each drive can be hidden and not automounted at boot up. So being unmounted and hidden I would have thought that any one logged on, but not as root, could not access the ntfs drives. If I configure linux to have no users except me and root (guest disabled) with robust passwords, then I would be the only one who knows the passwords and so the only one able to logon and use my linux system. However, going on Berndbausch's reply it's possible for a hacker to gain access to my system by somehow bypassing the password security, as a "privileged user". I need to do more reading to learn more about what alternative access routes there are to my system other than the normal logon procedure. I suspect this will take me to learning about open communication ports as "backdoors".