1
00:00:01,317 --> 00:00:04,198
A sandbox is a security control,

2
00:00:04,254 --> 00:00:08,463
and it is an excellent isolation tool to prevent, detect,

3
00:00:08,698 --> 00:00:13,722
and mitigate threats, which I recommend you use when you can.

4
00:00:14,373 --> 00:00:17,306
A sandbox is an isolated environment

5
00:00:17,365 --> 00:00:20,172
for running applications or code.

6
00:00:20,330 --> 00:00:22,627
It’s a virtual container

7
00:00:22,652 --> 00:00:26,794
to keep the contents confined to that container.

8
00:00:27,095 --> 00:00:31,463
A sandbox should be used for high-risk applications,

9
00:00:31,488 --> 00:00:36,336
such as those that interact directly with untrusted sources like the internet,

10
00:00:36,463 --> 00:00:39,174
such as browsers and email clients.

11
00:00:39,259 --> 00:00:43,576
And you're already using built-in sandboxes

12
00:00:43,601 --> 00:00:44,973
and you may not know it.

13
00:00:46,413 --> 00:00:49,860
For example, Chromium, which Chrome is based on,

14
00:00:49,937 --> 00:00:54,387
uses sandboxes and actually provides an excellent implementation

15
00:00:54,556 --> 00:00:56,860
that has stood up to quite a bit of scrutiny.

16
00:00:57,021 --> 00:00:59,347
So that’s the Chrome and Chromium sandboxes.

17
00:01:00,944 --> 00:01:03,884
Firefox also implements sandboxing.

18
00:01:04,123 --> 00:01:07,165
The core of the Windows Firefox sandbox

19
00:01:07,419 --> 00:01:09,572
is actually the Chromium sandbox.

20
00:01:10,587 --> 00:01:13,077
Content loaded in browser plug-ins

21
00:01:13,102 --> 00:01:16,157
and extensions is sandboxed, like Flash,

22
00:01:16,254 --> 00:01:18,430
Silverlight, Java, etcetera.

23
00:01:18,565 --> 00:01:21,472
Not very well in some cases, unfortunately, though.

24
00:01:22,730 --> 00:01:26,074
Adobe Reader now runs PDF files in a sandbox,

25
00:01:26,099 --> 00:01:30,553
attempting to prevent malicious code from escaping the PDF viewer

26
00:01:30,668 --> 00:01:32,700
and affecting the rest of the computer.

27
00:01:32,725 --> 00:01:34,941
There’s been a nasty history of that.

28
00:01:35,810 --> 00:01:39,451
Microsoft also has a sandbox mode to prevent

29
00:01:39,556 --> 00:01:42,130
unsafe macros from harming your system.

30
00:01:42,238 --> 00:01:46,181
There are many examples of built-in sandboxes,

31
00:01:46,358 --> 00:01:48,112
but we still get hacked.

32
00:01:48,250 --> 00:01:51,102
Unfortunately, not all sandboxes are made the same,

33
00:01:51,127 --> 00:01:53,309
and sandbox breakouts happen.

34
00:01:53,705 --> 00:01:58,227
Any vulnerability in any of the software we’ve just mentioned above

35
00:01:58,307 --> 00:02:01,248
that was able to get access to the operating system

36
00:02:01,341 --> 00:02:04,085
has effectively bypassed that sandbox,

37
00:02:04,259 --> 00:02:06,730
and unfortunately, there have been many cases

38
00:02:06,770 --> 00:02:09,018
where these applications, the sandboxes,

39
00:02:09,043 --> 00:02:12,433
have been broken out of and the operating system has been got at.

40
00:02:13,730 --> 00:02:17,518
But we can use additional application sandboxes

41
00:02:17,543 --> 00:02:19,426
to provide defense in depth

42
00:02:19,762 --> 00:02:21,802
on top of the built-in ones.

43
00:02:21,897 --> 00:02:25,608
And a number of options exist for all operating systems

44
00:02:25,633 --> 00:02:27,904
to add additional sandboxes,

45
00:02:27,977 --> 00:02:31,281
allowing you to effectively sandbox your sandboxes,

46
00:02:31,503 --> 00:02:35,458
making it less likely that an attacker will succeed.

47
00:02:35,530 --> 00:02:38,836
Attackers expect to deal with built-in sandboxes,

48
00:02:38,861 --> 00:02:42,179
like the Java sandbox or the browser sandboxes,

49
00:02:42,221 --> 00:02:46,064
as they design their exploits around them, around what they expect,

50
00:02:46,127 --> 00:02:47,586
around what is normally there.

51
00:02:47,626 --> 00:02:49,856
But when you add an additional sandbox,

52
00:02:49,911 --> 00:02:52,330
the exploit is less likely to be designed

53
00:02:52,355 --> 00:02:54,727
to cope with it or be able to bypass it.

54
00:02:54,976 --> 00:02:57,164
All sandboxes work slightly differently

55
00:02:57,189 --> 00:03:01,430
but are based on the core principle of not allowing the contents

56
00:03:01,484 --> 00:03:04,698
of the sandbox to spill out of the container,

57
00:03:04,761 --> 00:03:06,500
hence the name sandbox.