Re: [tor-talk] Is there a way to use internet in a sandbox environment? (Linux)
Thanks Ben Tasker for the information.
Regarding KVM:
If I use two KVMs, one for offline use and the other for online use, would you say that the KVM used for offline use is 100% safe? (as KVM is basically hardware-assisted virtualization)
---- On Sun, 24 Mar 2019 15:51:27 -0700 Ben Tasker <ben@xxxxxxxxxxxxxxx> wrote ----
Most browsers actually already do exactly this and run tabs inside a
sandbox.
If you wanted to restrict that further, you could look at chrooting or
using docker. Or take it a step further and use a full blown VM (whether
that's KVM or something like Virtualbox).
But don't, please, follow the suggestion of using root for routine
non-internet tasks. You should use privileged accounts only when you
actually require that level of privilege. Also keep in mind that while
malware running as an unprivileged user cannot (generally) hose the system,
it can still steal/corrupt whatever data that user has access to. Unless
this is a shared system, you probably care more about that data than the OS
files themselves.
On Sun, 24 Mar 2019, 13:27 npdflr, <mailto:npdflr@xxxxxxxx> wrote:
> Using internet in a sandbox environment would be ideal to prevent
> viruses/theft.
>
>
>
> I am posting some links related to this topic.
>
>
>
> 1) Discussion on stackexchange:
> https://security.stackexchange.com/questions/35373/how-to-make-sandbox-only-internet-access
>
>
>
> 2) Using hypervisor/kvm to connect to the internet. Hypervisor
> Technologies:
> https://opensourceforu.com/2016/03/the-top-open-source-hypervisor-technologies/
>
>
>
>
> 3) Virtual Desktop: https://help.comodo.com/topic-72-1-522-6274-.html
>
>
>
> 4) Another way would be to block internet for the root user in Linux and
> allow internet only for other users. In this way, one is using root for
> offline activities and other users for online activities (just like a
> sandbox environment).
>
>
>
> But it looks like if you enable internet connection for non-root user then
> the root user is automatically connected to the internet (I may be wrong).
>
> I have tried using some commands from the below links replacing "USERNAME"
> with "root" (THERE MAY BE RISK INVOLVED IN DOING SO) but I had to restart
> the system to enable the internet connection again.
>
>
> https://askubuntu.com/questions/223434/how-to-disable-internet-for-a-user-on-a-system
>
>
> https://www.cyberciti.biz/tips/block-outgoing-network-access-for-a-single-user-from-my-server-using-iptables.html
>
>
>
>
>
> Any suggestions?
>
>
>
> Thank you.
> --
> tor-talk mailing list - mailto:tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
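An added example, not part of the original thread or of the linked pages: one way to do the per-user block from item 4 with the iptables owner match, keeping the rules in a dedicated chain so they can be removed again without a restart. The chain name, the DRY_RUN switch and the function names are assumptions made for this example; it refuses uid 0 because that would also cut off every daemon running as root.

```shell
#!/bin/sh
# Added example: per-user egress block using the iptables "owner" match.
# CHAIN, DRY_RUN and the function names are assumptions made for this example.
CHAIN="USER_EGRESS_BLOCK"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands; 0 = apply them (needs root)

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Create the dedicated chain and hook it into OUTPUT (call once).
setup_chain() {
    for ipt in iptables ip6tables; do
        run "$ipt" -N "$CHAIN"
        run "$ipt" -I OUTPUT 1 -j "$CHAIN"
    done
}

# Reject non-loopback traffic from sockets owned by one user (name or numeric uid).
block_user() {
    case "$1" in
        ''|*[!0-9]*) uid="$(id -u "$1" 2>/dev/null)" || { echo "unknown user: $1" >&2; return 1; } ;;
        *) uid="$1" ;;
    esac
    if [ "$uid" -eq 0 ]; then
        # Blocking uid 0 would also cut off every daemon that runs as root.
        echo "refusing to block uid 0 (root)" >&2
        return 2
    fi
    # IPv4 and IPv6 are separate rule sets; a rule in only one leaves the other open.
    for ipt in iptables ip6tables; do
        run "$ipt" -A "$CHAIN" -m owner --uid-owner "$uid" ! -o lo -j REJECT
    done
}

# Remove every rule added above; no reboot needed.
unblock_all() {
    for ipt in iptables ip6tables; do
        run "$ipt" -D OUTPUT -j "$CHAIN"
        run "$ipt" -F "$CHAIN"
        run "$ipt" -X "$CHAIN"
    done
}
```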