INTRODUCTION
The term security always plays an important role in our lives, whether it is financial security or political security. In the field of computer science, security plays an even bigger role in this Internet age. Technologies like virus scanners and firewalls have been in existence for some time. The latest and most sophisticated technology to emerge in recent months is sandbox technology.

Sand box protection
Sandbox is the security technology that protects workstations and networks against attacks from any type of active content (ActiveX, Java, VBS and other executable code or .exe files) received from the Internet, e-mails or by any other means.
First in the world
Norman is the first anti-virus company in the world to present this new technology. The terms deep scan and sandbox technology are used to describe the method. Sandbox describes the technical solution: the program establishes a simulated computer in an enclosed area, allowing the virus to replicate on the simulated machine under careful monitoring. When the virus has been activated, the sandbox is examined and the vaccine is produced immediately. This sandbox technology should not be confused with traditional heuristics. Norman is now patenting this technology.
Department of CSE,MITS,Madanapalli 1
SAND BOX
SANDBOX FOR WINDOWS
Sandboxing technology is the first commercially available security solution to protect workstations and networks against attacks from any kind of active content (ActiveX, Java and other executable code) received from the Internet, and to manage the behavior of already installed applications residing on the PC.

Wrap around the application
With sandboxing technology you can create a closed environment (sandbox) around any application (known or unknown) and restrict its access to your computer's resources. Within this closed environment any code can run, while the application's access calls to system resources, drivers, the registry database (all configurations) and the file system are shielded and constantly monitored to protect the privacy and integrity of your system.

Proactive security measures
Sandboxing checks an application's activities and does not base its security mechanism on a comparison with a database of hostile applet references. It checks all actions and access to resources, but only suspicious or unwanted actions are blocked. Hence, it is the first commercially available behavior checker, which protects not only against intended hostile attacks but also against unintentionally buggy applications. You can view which components are installed and running on your computer, where they came from, what an application does, and which resources it accesses.
RESOURCE PROTECTION
Sandbox resources protection
The sandbox agent protects the following computer resources against unwanted and suspicious accesses and changes.
The registry
The Windows operating system saves the system and application configurations within the registry database. If a hostile applet changes settings within the registry database, it might leave an application or your entire system unusable. By changing the registry database, a hostile applet can also gain unwanted access to resources on your computer.

Access to services
The sandbox agent monitors all access to system services issued from restricted applications. By changing the settings of particular services (stopping or accessing certain services), a hostile applet can make the computer unusable or gain unwanted access to resources and data.

Dangerous calls to the system
Certain functional interfaces of the system are intended for Windows internal use or for use by special applications only. There is no reason for these to be used in normal circumstances. Dangerous device-level access is also protected. The sandbox agent restricts the availability of these system entry points for restricted applications.

Access to the file system
By accessing the file system, an applet gains access to all your data and files. The sandbox agent can restrict access to the file system depending on its configuration. In a typical scenario, you might want to set up a directory for saving information received from the Internet while blocking the browser's access to all other file areas.

Access and monitoring of IP ports and IP addresses
The sandbox agent can monitor access to IP ports by restricted applications. By using certain IP ports an applet can e-mail information to the Internet or connect using any other protocol.

Spawning of processes control
The sandbox agent can prevent a restricted application from running other applications or inheriting another application's access to a secured environment. This can prevent misuse of trusted applications by hostile code.
files received through your web browser will be opened and scanned for viruses before they are installed on the computer. A number of the most common virus scanners are supported for making an API or command-line call to the virus engine running on the machine. In addition, user-defined custom virus scanners can be used with command-line parameters. Even if your virus scanner does not offer command-line support, it will work with the sandbox.

Cache management
Cache manager is completely integrated into the sandbox agent environment. Cache manager allows the automatic removal of session information in the browser cache.
Cookie management
Cookie management is included to allow the blocking, removal and management of all cookies for all users/profiles on a computer and to restrict cookie placement by web site/URL.

WWW and e-mail content filtering
To increase security, web pages with unwanted information (e.g. active content) or outgoing e-mails containing confidential information can be blocked.
If the sandbox agent does not protect your computer, hostile applets could access all the files and resources that are available on it, and your computer would be left wide open to anyone on the Internet with destructive or criminal intentions. Recent studies and surveys have shown that most corporate networks and computers connected to the Internet have been attacked and have reported damage from illegal access from the outside, either through the Internet or through e-mail attachments. Malicious mobile code (ActiveX, Java, VBScript as well as other executables) is increasingly being used to carry out these attacks. Unfortunately, a number of hacker tools and instructions now exist on the Internet showing how to create a hostile application without sophisticated knowledge. This increases the threat enormously.

List of common attacks:

Deleting of files
An applet deletes system or user files in the background while running on your computer. This attack can make your computer or operating system unusable and leads to loss of data and information.

Denial of services
By changing the configuration of your operating system or application, your system, a service, or parts of it can become unusable.

Theft of information and data
An applet can access data and files on your computer or network, copy them and send them to any computer (e.g. to your competitors) on the Internet via e-mail or by using unrestricted IP ports.

Remote access via the Internet
An applet can generate a proxy on your computer, enabling computers on the Internet to remotely access all the resources on your computer or on your LAN.

Installation of unwanted/hostile application
An applet could change your system configuration so that a hostile application is started automatically the next time you start your computer. This application could then undertake all its malicious tasks in the background or block access to particular resources, or to all resources, on your computer.

Manipulation of your connection
An applet could filter, manipulate or falsify information or received from another source.

Impersonation
An applet could impersonate your user ID on the Internet or your local area network and initiate malicious, destructive or unwanted actions. It could therefore abuse personal or sensitive information collected from your computer (e.g. credit card information).
ANTI VANDAL SANDBOX
Modern vandals arrive in many forms: on web pages, in e-mail messages and attachments, in newsgroups and from other sources. They typically rely on active content such as ActiveX, Java applets and scripts to deliver their payload. Esafe's Sandbox II is a proactive module that constantly monitors both your computer and the Internet for hostile activity, ready to intervene the moment a potential threat is identified. The sandbox does not rely on traditional signature tables for identification and removal. In addition to the virus signatures provided by the anti-virus engine, the sandbox provides an extra layer of protection against both known and unknown vandals by restricting access to designated system resources. The moment any form of malicious mobile code attempts hostile activity, Esafe traps and quarantines the vandal within the sandbox, alerting you to the vandal's activity and allowing you to take appropriate action without risk of damage to mission-critical information.

Esafe's Sandbox II monitors every active process and application, using a predefined access control list to determine whether the application in question is permitted to use or access particular system resources. When the sandbox identifies potentially hostile activity, it verifies the use of system resources against a predefined list of allowed activities. If the application is not permitted to engage in a particular activity, Esafe will quarantine the vandal and notify the user of the application's action, allowing the user to take action before the vandal can damage vital system resources.

Patenting deep scan and sandbox technology
Norman introduces a new technique for eliminating new computer viruses. The data security company Norman ASA is the first company in the world to present sandboxing, a method to detect unknown viruses in real time. The risk of false alarms is practically eliminated. This innovative technique was presented at the renowned Virus Bulletin Conference 2001 in Prague. Unknown viruses have always been a challenge for anti-virus companies, and the recent events with more complex and faster-spreading viruses like Nimda have made this new technology even more relevant.

"Imagine that you open an e-mail attachment with a new and dangerous computer virus. The virus immediately starts cutting and pasting in selected system files, while other files are just deleted. Very soon your computer is wrecked. In addition, the virus is using the network to infect other computers. That's what the virus believes. The truth is that you can carry on with your work as usual, just like all the others in the network, and no real damage is done. This is what the new technology provides," says Kurt Natvig, responsible for the sandbox technology development at Norman ASA.
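The access-control-list check described under ANTI VANDAL SANDBOX, applied to the resource classes listed under RESOURCE PROTECTION, is sketched below as an added example; it is not code from Esafe, Norman or any product named in this report. The application name, directory, registry key and ports are constructed, and treating unlisted applications as having no rights is an assumption.

```python
import ntpath
from dataclasses import dataclass, field

def _under(child: str, parent: str, sep: str = "\\") -> bool:
    # True if child equals parent or lies below it (whole path components only)
    return child == parent or child.startswith(parent.rstrip(sep) + sep)

def _canon(path: str) -> str:
    # Collapse '..' and fold case and slashes the way Windows paths compare
    return ntpath.normcase(ntpath.normpath(path))

@dataclass(frozen=True)
class Policy:                       # constructed ACL entry for one restricted app
    file_dirs: tuple = ()           # directories open for read and write
    ports: frozenset = frozenset()  # IP ports the app may use
    reg_read: tuple = ()            # registry subtrees readable; writes always denied
    may_spawn: bool = False         # may it start other processes?

@dataclass
class Sandbox:
    acl: dict
    quarantined: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def _allowed(self, pol: Policy, kind: str, target, write: bool) -> bool:
        if kind == "file":
            return any(_under(_canon(target), _canon(d)) for d in pol.file_dirs)
        if kind == "registry":
            key = target.lower()
            return not write and any(_under(key, p.lower()) for p in pol.reg_read)
        if kind == "port":
            return target in pol.ports
        if kind == "spawn":
            return pol.may_spawn
        return False                # services, device-level calls, unknown kinds

    def request(self, app: str, kind: str, target, write: bool = False) -> bool:
        pol = self.acl.get(app, Policy())    # assumption: unlisted apps get nothing
        ok = app not in self.quarantined and self._allowed(pol, kind, target, write)
        if not ok:
            self.quarantined.add(app)        # trap the process, then notify the user
            self.alerts.append((app, kind, target))
        return ok

def demo() -> list:
    pol = Policy(file_dirs=("C:\\Downloads",), ports=frozenset({80, 443}))
    sb = Sandbox({"browser.exe": pol})
    calls = [("file", "c:/downloads/report.pdf"), ("port", 443),
             ("file", "C:\\Downloads\\..\\Windows\\system.ini"),  # '..' escape attempt
             ("port", 443)]                                       # now quarantined
    return [sb.request("browser.exe", k, t) for k, t in calls]
```

Paths are canonicalized before the directory comparison, so a request that climbs out of the download directory with `..` is judged on the file it really names; after the first denial every further request from the quarantined application is refused.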
CONCLUSION
A beginning has been made. Let's hope that one day we will be able to use the Internet without fear of any security risks. We hope that sandbox technology marks a new age for security in networking, as it overcomes security damage and holds a key position from the very beginning.