Image courtesy of [Ventrilock] / FreeDigitalPhotos.net[/caption]In computer security, a sandbox is the surveillance structure for separating running programs. Sandbox's are used to execute untested code, or suspicious programs from unknown third-parties, suppliers, and untrusted uses and websites. Sandbox applications are on the attack and malware systems keep advancing outsmarting these applications. Sandbox applications usually isolate threats and protect endpoints from malware attacks, the protection is not forceful enough against advanced malware attacks.Rahul Kashyap, chief security architect of Bromium stated, "Outlined threat vectors sandboxes could not effectively block in a Pen-Tester's Perspective". Not to say these sandboxes are not working, but pointing out the fact that people look at these sandboxes as fail-proof, so other security measures are often not considered.
It's as if a dead bolt lock on the front door of your home is going to keep all away. Even if there is a home security alarm installed, burglars can still enter and rob you.
The Attack
Bromium labs grouped these attacks into two categories:
- One that bypasses the complete sandbox
- One that exploits to succeed without breaking the sandbox
The bypass techniques focus on exposing Windows OS and the sandbox itself. The other includes post-exploitation scenarios, like keylogging, remote access, hijacking contents, screen scraping, stealing files, and getting into networking shares.
IT and network administrators shouldn't rely completely on sandboxes. Administrators should continue to practice other security options to keep systems from vulnerabilities. Executing malware within a sandbox is not safe, because malware is sophisticated enough to do severe damage to systems.
Please visit http://www.hyphenet.com/blog/ for more posts on the latest technology and IT security news.
References:
Application Sandboxes Won't Stop Advanced Attacks: Research - Security Week
http://www.securityweek.com/application-sandboxes-wont-stop-advanced-attacks-research
July 24, 2013
Be sure to follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest security threats.
No comments:
Post a Comment