
Tuesday, 21 October 2014

Is Sandboxing technology the answer?

Most of the security solutions on the market these days leverage sandboxing technologies to deal with Advanced Persistent Threats, zero-day vulnerabilities, targeted attacks and so on.

It would be interesting to analyze the strengths and the limits of this kind of technology, to be able to better choose our security solutions.

What is a Sandbox?

Sandboxing means creating a “virtual”, “fake” image that can be targeted by malware attackers or unknown security problems.

By monitoring the changes that happen to this decoy, it is possible to understand if something strange is going on. The basic idea is that, since the fake machine should perform just a series of deterministic actions, anything that goes outside the baseline is something that requires further investigation.

So configuration changes to files or registry, unwanted external communications, a different memory load: everything can be used to understand if something weird is going on.
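The baseline comparison described above, as an added example that is not part of the original post. The event format, the baseline contents and the memory tolerance are assumptions, and the sample run is constructed.

```python
from collections import namedtuple

# One observation from the sandbox monitor (hypothetical event format).
Event = namedtuple("Event", "kind target")

# Assumed baseline: what the decoy does on a clean, deterministic run.
_RAW_BASELINE = {
    "file_write": [r"C:\Windows\Temp\office.tmp"],
    "registry_set": [r"HKCU\Software\Microsoft\Office\MRU"],
    "net_connect": ["update.example.internal:443"],
}
# Windows paths and registry keys are case-insensitive, so compare casefolded.
BASELINE = {k: {t.casefold() for t in v} for k, v in _RAW_BASELINE.items()}
BASELINE_PEAK_MEM_MB = 900  # assumed peak memory of a clean run
MEM_TOLERANCE = 0.20        # assumed: flag runs more than 20% above it


def deviations(events, peak_mem_mb):
    """Return sorted (kind, target) pairs that fall outside the baseline."""
    found = set()
    for ev in events:
        allowed = BASELINE.get(ev.kind)
        # A kind of activity the baseline never contains is a deviation too.
        if allowed is None or ev.target.casefold() not in allowed:
            found.add((ev.kind, ev.target))
    if peak_mem_mb > BASELINE_PEAK_MEM_MB * (1 + MEM_TOLERANCE):
        found.add(("memory_load", f"{peak_mem_mb} MB"))
    return sorted(found)


def verdict(events, peak_mem_mb):
    """'investigate' as soon as anything leaves the baseline."""
    return "investigate" if deviations(events, peak_mem_mb) else "baseline"


# Constructed sample run, not taken from a real analysis.
SAMPLE_RUN = [
    Event("file_write", r"c:\windows\temp\OFFICE.TMP"),
    Event("registry_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
    Event("net_connect", "203.0.113.10:8080"),
    Event("process_create", "cmd.exe"),
]

if __name__ == "__main__":
    for kind, target in deviations(SAMPLE_RUN, peak_mem_mb=1200):
        print(f"{kind:<15}{target}")
    print(verdict(SAMPLE_RUN, peak_mem_mb=1200))
```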

The hardest part in creating a sandboxing system is that the target should look like a normal environment, while it has to be deeply monitored, far beyond the usual monitoring needs.

Another hard point for sandboxing technology is that the decoy should be as close as possible to the systems in use that you want to protect; otherwise you may not be able to see what is happening in the real environment.

Last, but not least, we should remember that some of the malware and attacks out there counter sandboxing technology using stealth or anti-sandbox techniques. While the first tries to hide and be undetectable, the second tries to understand whether the target is real or fake and, if it is fake, stops any execution in order not to be detected.

Sandboxing techniques are effective and powerful tools when dealing with security, but they should be implemented carefully.

We should take into account some considerations:

1) The less standard your environment is, the less effective the sandboxing approach is. This is related not only to operating systems in their several versions, patch levels and so on, but also to all the software running on the platform.

If we think, as an example, of a Microsoft environment, we should be able to duplicate all the existing configurations: Windows version, service pack, Office version and patches, browsers and so on.

Now this seems easy, but if we do not have strict control we could need to create a great number of sandbox units in order to fit the various configurations. And I’m not considering hardware drivers….

2) A sandbox can be exploited

The sandbox itself can be exploited. Usually we are dealing with some sort of virtual image that is monitored by its drivers; this means that the sandbox itself is not immune to attacks. Targeted attacks or APTs have every interest in leveraging any vulnerability of the sandbox system in order to be successful.

3) An evolving environment needs an evolving sandbox system

As with other security technologies, sandboxing is useless if it is not inserted into a series of processes that deal with security, processes that have to take into account the evolution of the systems and user behaviours as well as of the external environment in terms of threats and technologies.
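Consideration 1 can be measured against an endpoint inventory. This added example (not part of the original post) counts how many sandbox images are needed to match a given share of the fleet; the inventory is constructed and the function names are hypothetical.

```python
from collections import Counter

# Constructed inventory, one tuple per endpoint:
# (Windows version, service pack, Office version, browser).
INVENTORY = (
    [("Windows 7", "SP1", "Office 2010", "IE 9")] * 60
    + [("Windows 7", "SP1", "Office 2013", "IE 11")] * 25
    + [("Windows 8.1", "none", "Office 2013", "IE 11")] * 10
    + [("Windows XP", "SP3", "Office 2003", "IE 8")] * 3
    + [("Windows 7", "none", "Office 2007", "Firefox 31")] * 2
)


def images_for_coverage(inventory, target):
    """Pick the most common configurations until `target` (0..1) of the
    endpoints has a sandbox image with exactly their configuration.

    Returns (chosen_profiles, achieved_coverage).
    """
    if not inventory:
        return [], 0.0
    total = len(inventory)
    chosen, covered = [], 0
    for profile, count in Counter(inventory).most_common():
        if covered / total >= target:
            break
        chosen.append(profile)
        covered += count
    return chosen, covered / total


def uncovered_hosts(inventory, images):
    """Count endpoints whose configuration matches no sandbox image."""
    images = set(images)
    return sum(1 for host in inventory if host not in images)


if __name__ == "__main__":
    for target in (0.8, 0.9, 1.0):
        images, achieved = images_for_coverage(INVENTORY, target)
        missed = uncovered_hosts(INVENTORY, images)
        print(f"target {target:.0%}: {len(images)} images, "
              f"{achieved:.0%} matched, {missed} endpoints without a decoy")
```

In the sample fleet the last five endpoints alone require two more images, which is the cost of a non-standard environment that the consideration describes.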

So are sandboxing technologies worth the effort? The answer is simply yes, but in a clear security context. As with reputation technologies, sandboxing cannot be, alone, the answer, but it surely is a powerful tool if used correctly. Besides the marketing effort that sometimes presents these technologies as the holy grail of security, we should be aware that they are just tools to be used wisely.

 


Tuesday, 25 September 2012

Windows 8 product Key


Ok guys, I’m back on track and starting to write again.

 

I just started to play with Windows 8 and I have some impressions, but first of all I wanna give you a simple piece of advice: write your product key somewhere before installing it, because changing the product key on Windows 8 can be frustrating.

We do not have a direct link to a change-key tool, nor would the help be of any use, since the instructions do not lead you anywhere.

The best thing to do is a quick internet search, but again there are more articles than solutions. Well, the good news is that it can be solved :)

 

So what do you have to do?

Open the command prompt with administrative privileges.

Write this simple command (a VBS script):

 

Microsoft Windows [Versione 6.2.9200]
(c) 2012 Microsoft Corporation. Tutti i diritti riservati.

C:\Windows\system32>slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

C:\Windows\system32>

There are some similar indications on the web, but I found most do not remind you to use administrative privileges.

Remember: even if you are the admin of your PC, on Windows 8 you do not run applications with administrative privileges by default, so you have to explicitly declare it.

And some do not indicate the /ipk parameter; well, it is not a problem, the help comes up to support you.
