
Comments
Is Application Sandboxing The Next Endpoint Security Must-Have?
Spikes
User Rank: Apprentice
5/16/2013 | 9:36:08 PM
re: Is Application Sandboxing The Next Endpoint Security Must-Have?
I see four different forms of sandboxing right now:

1. Microvisor: runs applications within the host OS, but within simulated boundaries, supported by processor instructions. This is what Bromium does, yeah?

2. Type 2 Hypervisor: runs in a virtual OS container, but not on bare metal. Invincea, Panda, etc. use this, right?

3. Type 1 Hypervisor (https://en.wikipedia.org/wiki/...): basically running each application in its own OS within a virtual machine on a bare-metal hypervisor. Pretty good security, but terrible ease of use.

4. Full hardware separation, with a network and firewalls in between the client and the application. This is what Spikes does (www.spikes.com) for browsers today, with awesome ease of use.
Zuly
User Rank: Apprentice
5/14/2013 | 2:53:54 PM
re: Is Application Sandboxing The Next Endpoint Security Must-Have?
You have hit the nail on the head about the weaknesses of sandboxing. When the sandboxed application can attack your kernel because it is running with it, the sandbox protections are easily bypassed. But the future of containerization goes way beyond simple application sandboxing.

My startup, Light Point Security, is also in the security-through-isolation space, but instead of application sandboxing, we use server-based virtualization to separate the application from the endpoint. We actually run the contained application inside a one-time-use virtual machine that runs on a server. And we take it even further by isolating that virtual machine within a second virtual machine.

So security-through-isolation will definitely become the standard in endpoint security, but only when the isolation is absolute. Letting an isolated application share resources and have direct contact with the operating system is still risky, because it gives attackers a way out of the containment.
Ahmed Masud
User Rank: Apprentice
5/14/2013 | 6:59:39 AM
re: Is Application Sandboxing The Next Endpoint Security Must-Have?
Virtualization is really not the answer to edge security, because all that does is simply add another wedge between the back end and the edge.

The only way to really safeguard against kernel vulnerabilities is to put a verifiable and mathematically immutable reference monitor into the core kernel constructs, so that the user-space <=> kernel-space interactions are only trusted through a well-defined interface, and the rest of the kernel and all of the user space is not to be trusted with the data exposure.

See figure 1 below... If you have a vulnerable environment, who cares if your hardware is actual hardware or "soft hardware"? Actually, there is arguably a chance that by introducing a new kernel (namely the VMM kernel) one may make the situation worse. It's a second kernel, and unless it's fully verifiable and a reference monitor for all app <=> kernel interactions, we are, mmm, back to square one.

Just my 2 cents' worth.

