Internet <–> Box #1 <–> Box #2
The plotter to which I was referring (box #2), has no internet connection. However, it does have a connection to my full node Chia box (#1).
Box #1 is able to access all of #2s drives, via “Map Network Drive” (or whatever Windows calls it – “net use blah blah blah”). The two boxes have a CAT 7 (or CAT 8?) cable providing connectivity between them, and are on their own private network.
I use a single drive letter for box #1 to see all of the drives on box #2, because all of box #2’s drives are NTFS mount points (not drive letters).
As far as box #1s config.yaml is concerned, box #2s drives are all just a drive letter with directory locations.
So it is possible for something to infect box #1 and find its way to box #2. But there is nothing of value on box #2. It is just a plotting machine with plots and no data worth anything to anyone.
And in order for someone to get to box #2, they have to comprise box #1, and there is no getting around the requirement for the full node to have an internet connection.
But I install nothing extraneous on box #1. It is a clean Windows install + Chia, and that’s it. I refuse to use its web browser or anything else (well, I use its calculator). Box #2 is the same, without the internet connection.
One day, when I feel adventurous, I will configure box #2 to be a harvester.
I have held off making that change, because everything is working, and I tend to leave what is not broken alone. But maybe I would get better response times if box #2 did its own harvesting?