49 min listen
Unavailable
Currently unavailable
2017-004-sandboxes, jails, chrooting, protecting applications, and analyzing malware
Currently unavailable
2017-004-sandboxes, jails, chrooting, protecting applications, and analyzing malware
ratings:
Length:
52 minutes
Released:
Feb 6, 2017
Format:
Podcast episode
Description
This week, we discuss sandboxing technologies. Most of the time, infosec people are using sandboxes and similar technology for analyzing malware and malicious software. Developers use it to create additional protections, or even to create defenses to ward off potential attack vectors. We discuss sandboxes and sandboxing technology, jails, chrooting of applications, and even tools that keep applications honest, in particular, the pledge(2) function in OpenBSD ---------- HITB announcement: “Tickets for attendance and training are on sale, And entering special code 'brakeingsecurity' at checkout gets you a 10% discount". Brakeing Down Security thanks #Sebastian Paul #Avarvarei and all the organizers of #Hack In The Box (#HITB) for this opportunity! You can follow them on Twitter @HITBSecConf. Hack In the Box will be held from 10-14 April 2017. Find out more information here: http://conference.hitb.org/hitbsecconf2017ams/ --------- Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-004-Sandboxing_technology.mp3 iTunes: https://itunes.apple.com/us/podcast/2017-004-sandboxes-jails-chrooting/id799131292?i=1000380833781&mt=2 YouTube: https://www.youtube.com/watch?v=LqMZ9aGzYXA Join our #Slack Channel! Sign up at https://brakesec.signup.team #RSS: http://www.brakeingsecurity.com/rss #Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast #SoundCloud: https://www.soundcloud.com/bryan-brake Comments, Questions, Feedback, or Suggestions? Contact us via Email: bds.podcast@gmail.com #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Facebook: https://www.facebook.com/BrakeingDownSec/ #Tumblr: http://brakeingdownsecurity.tumblr.com/ #Player.FM : https://player.fm/series/brakeing-down-security-podcast #Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr #TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582 ----------- Show notes: Sandboxing tech - https://hangouts.google.com/call/yrpzdahvjjdbfhesvjltk4ahgmf A sandbox is implemented by executing the software in a restricted operating system environment, thus controlling the resources (for example, file descriptors, memory, file system space, etc.) that a process may use. Various types of sandbox tech Jails - freebsd Much like Solaris 10’s zones, restricted operating system, also able to install OSes inside, like Debian http://devil-detail.blogspot.com/2013/08/debian-linux-freebsd-jail-zfs.html Pledge(8) - new to OpenBSD Program says what it should use, if it steps outside those lines, it’s killed http://www.tedunangst.com/flak/post/going-full-pledge http://man.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/pledge.2?query=pledge http://www.openbsd.org/papers/hackfest2015-pledge/mgp00008.html Chroot - openbsd, linux (chroot jails) “A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children” Example: “www” runs in /var/www. A chrooted www website must contain all the necessary files and libraries inside of /var/www, because to the application /var/www is ‘/’ Rules based execution - AppArmor, PolicyKit, SeLinux Allows users to set what will be ran, and which apps can inject DLLs or objects. “It also can control file/registry security (what programs can read and write to the file system/registry). In such an environment, viruses and trojans have fewer opportunities of infecting a computer.” https://en.wikipedia.org/wiki/Seccomp https://en.wikipedia.org/wiki/Linux_Security_Modules Android VMs Virtual machines - sandboxes in their own right Snapshot capability Revert once changes have occurred CON: some malware will detect VM environments, change ways of working Containers (docker, kubernetes, vagrant, etc) Quick standup of images Blow away without loss of host functionality Helpful
Released:
Feb 6, 2017
Format:
Podcast episode
Titles in the series (100)
2020-023-James Nelson from Illumio, cyber resilence, business continuity: James Nelson, VP of Infosec, Illumio How has COVID-19 changed cybersecurity? Why is cyber resilience especially important now? What are the most important steps to ensure cyber-resiliency? How do you talk to business leaders about investing in... by BrakeSec Education Podcast