SANDBOX SECURITY

A Sandbox for computer security confines the actions of code to the Sandbox device – and in isolation to the rest of the network.A Sandbox is an isolated environment on a network that behaves as end-user operating system.

If something unexpected happens, it affects only the sandbox and no other device on the network.

WHY SANDBOX?

 The new , untested internal code can behave in unexpected ways evading the security. We must have a strategy to protect your data and programs from security threats. The purpose of Sandbox is to observe the activity of unknown code in a quarantined environment where no harm can be done to host machines or devices on the network.

Exploiting an unknown deficiency in code is what is known as Zero-Day Attack.The basic methodology used is to leverage un-patched vulnerabilities in common operating systems and applications.

Before Sand boxing, there was no effective means to stop these advanced attacks.Though Firewall and Antivirus existed which could stop only known threats.

After observation of the malicious or unknown code, the evaluation of potential threat was based on activity rather than attributes of code.

If no threats are observed – code is released.

If code is found malignant – code is expunged.

SANDBOX IMPLEMENTATIONS

There are several options for sandbox implementation that dependent on organisation’s need. Three varieties of sandbox implementation are as follows:

  • Full System Emulation: The sandbox simulates the host machine’s physical hardware, including CPU and memory, providing discern-ability into program behavior and impact.
  • Emulation of Operating Systems: The sandbox emulates the end user’s operating system but not the machine hardware.
  • Virtualization: This approach uses a virtual machine (VM) based sandbox to contain and examine suspicious programs.

DRAWBACKS

Sand boxing can also  be evaded. As sand boxing became more common, cyber criminals began to design threats with features to help them evade detection. For example, a threat might be programmed to remain dormant until a future date, so that during sand boxing it appears genial.

 Another effective evasive technique is to make the malware able to detect whether it is in a virtual environment, and to remain dormant until it finds itself in a real desktop or other device.

The threat could be designed to target a specific environment OS only.

First generation Sandboxes resulted into performance issues as well.

To overcome this, dedicated performance units were added that improved performance.Also,comprehensive testing was supported within all OS and applications.

For providing a better environment, emulator must check every instruction from the code that executes on the CPU.

emulate the user-environment accurately.

integrate with other security devices to share threat information on the network.

Thanks….

Recent Posts