Author Topic: Browser protection (sandboxing) from Avast  (Read 4816 times)
alucian
« on: July 18, 2012, 01:37:28 PM »

Hi,

Is anyone using something like this? Is it really that good? Are there any drawbacks or vulnerabilities?

At first look it is excellent. It is supposed to protect you from many attack vectors.

Thanks!

CISSP ISSAP, CISM/A, GWAPT, GCIH, eCPPT, OSWP
SephStorm
« Reply #1 on: July 19, 2012, 05:32:01 AM »

There was a Hak5 episode talking about sandboxing some time ago, they did a comparison. It came down to the susceptibility of the user, and the ability of the software to allow you to save downloaded files to your box. For instance, Comodo in the test did really well because it did not allow most of the files to be downloaded to disk. Most of the others allowed you to save it to the pc, where you could decide to run it in a sandbox or not. Most users are not going to do so with everything they download.

What interested me more so, however, was a discussion on programs that would allow you to run suspicious files in a virtual environment, and report activity, such as opening ports, or downloading other files, etc. Unfortunately, it seems that these are all either online, or commercial. If anyone knows of a program that can be run locally, with similar functionality, please let me know.

alucian
« Reply #2 on: July 19, 2012, 07:49:29 AM »

Thanks for the info.

Because we will use it in a business environment, the user should be allowed to download files, and even to save the bookmarks, cookies.. on the browser.

I saw that if you are clicking a PDF file, for example, and choose the option to open it, it will open in a sandboxed Adobe, which really is excellent.

Today and tomorrow I'll try some Java, Flash.. exploits and see what happens.


CISSP ISSAP, CISM/A, GWAPT, GCIH, eCPPT, OSWP
SephStorm
« Reply #3 on: July 19, 2012, 11:13:08 AM »

I don't see it working unless you can force users to open certain extensions in a sandbox, maybe using AppLocker or something.

3xban
« Reply #4 on: July 25, 2012, 07:39:08 PM »

I am not sure if sandboxing would be great for the end user. I don't think you can centrally manage such software. But if you did something like VDI or Xen Desktop for all the mission critical apps and keep the main desktops segmented from the production servers (with the exception of allowing only the VDI or Xen Desktop traffic through), then you will certainly add some hurdles for any would-be attacker.

I saw a product at RSA this past year that caught my attention, (BLP)-Cloud from DaoliCloud. Think Inception but on the desktop. It is basically VDI within a single system. Main host is a Linux distro where the user can do just about anything internet wise. Then it drops down a level to a VM that is locked down with a couple layers of security on it. Might be more than you are looking for.

Essentially sandboxes are used more for malware analysis and other app testing to keep activity contained.

Certs: GCWN
(@)Dewser
alucian
« Reply #5 on: July 27, 2012, 09:27:33 AM »

Interesting concept, but how can you apply it to a whole team?

Like any enterprise software you need support for it. Worse, these restrictions are demanded by a gov client, which is very paranoid about security. So ... having a Chinese software processing their data... not a very good idea :)

Actually, the demand is that every time an applet is loaded a prompt will appear, and the user should accept it. For example, going to Google main page would mean to click OK seven times. This should prevent some web appl attacks. The problem is that the users will not be able to browse anymore, and they need this option in order to do their job (for other clients).

I was thinking that a better browser protection will make the agency withdraw the request.

I tried Avast sandboxing at home and at work. At home it works just fine, but at work it doesn't work so well. I can browse to some sites, but not to others. I think that you cannot browse to a site with an invalid certificate. As an example our Nessus has the self-created, unsigned, certificate, so I wasn't able to go to the Nessus web page.

Now, I don't know if I should ask the help of the Avast team (we aren't even their clients), or to try to find another solution to this problem.

CISSP ISSAP, CISM/A, GWAPT, GCIH, eCPPT, OSWP
3xban
« Reply #6 on: July 29, 2012, 07:07:24 AM »

Ah yes, Chinese software is probably not the best solution :D So what is the goal the gov't is trying to obtain from you? Sounds on to me they would enforce something that would pretty much make it impossible for people to get things done. Is it just for select systems or for all? Do they want clean systems accessing their app/site? If so you can always do something like a VMware VDI solution that runs a heavily limited/filtered browser that can only connect to their app and nothing else. Maybe even put them in a VLAN that is only allowed to go to that specific IP range on the net.

Certs: GCWN
(@)Dewser
alucian
Full Member
***
Offline Offline

Posts: 225



View Profile
« Reply #7 on: July 30, 2012, 10:17:54 AM »

Indeed the use of those restrictions would make the life of the users a real hell.
Practically you cannot browse the internet anymore.

Luckily, this policy affects a limited number of users.

Probably, using a VM for gov related tasks would be a good idea, but it is not so easy to sell it to management.

I'll see.

Thanks!

CISSP ISSAP, CISM/A, GWAPT, GCIH, eCPPT, OSWP