GT ECE 4112 - Sandboxing

This preview shows page 1-2-17-18-19-36-37 out of 37 pages.


Exercise 3.2: Linux VNC Server

ECE 4112 Internetwork Security
Lab X: Sandboxing

Group Number: _______________
Member Names: _________________________ _________________________
Date Assigned:
Date Due:
Last Edited:

Lab Authored By: Gary Kao & Jimmy Vuong, Fall 2007

Please read the entire lab and any extra materials carefully before starting. Be sure to start early enough so that you will have time to complete the lab. Answer ALL questions and be sure you turn in ALL materials listed in the Turn-in Checklist ON or BEFORE the Date Due.

Goal: This lab will introduce the concept of sandboxing, which is a way to run a program isolated from the main host system. You will be investigating what a sandbox protects you from and how not all sandboxes are created equal.

Summary: In this lab you will be running three sandbox programs: Sandboxie, Virtual Sandbox, and Shadow Surfer. These are all available for free, with limitations, online. We will use programs from previous labs such as the Hacker Defender, FU, AnnaKournikova worm, and the dcom buffer overflow exploit. We are also going to investigate features of a sandbox, such as the ability to interfere with processes outside of the sandbox.

Background and Theory: Sandboxes are a type of virtualization – similar to VMware. A sandbox is supposed to behave like the host as much as possible. It is a simple way to safely run programs, such as untested or untrusted code. Generally, a sandbox is a transparent layer that sits on top of the host machine, so once the sandbox is in use, anything that would change the host machine actually changes only the transparent layer. This transparent layer can be deleted by restarting your computer or by cleaning the sandbox, depending on the program. Some security groups firmly believe in sandboxes as the ultimate form of security, since a sandbox does not change the host’s filesystem and everything reverts back to how it was before the sandbox was used.
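An added illustration of the "transparent layer" behaviour described above (not part of the original lab handout, and not how Sandboxie, Shadow Surfer or Virtual Sandbox are implemented): a toy copy-on-write file layer in which writes land in the layer, reads fall through to the host, and cleaning the sandbox reverts everything. The class name OverlaySandbox, the demo function and the file names are hypothetical, and only flat file names in a single directory are handled.

```python
import shutil
import tempfile
from pathlib import Path


class OverlaySandbox:
    """Toy copy-on-write layer over a flat host directory (never written to)."""

    def __init__(self, host_dir, layer_dir):
        self.host, self.layer = Path(host_dir), Path(layer_dir)
        self.deleted = set()  # names hidden from the sandboxed view
        self.layer.mkdir(parents=True, exist_ok=True)

    def write(self, name, data):
        # Every write lands in the layer, even when the file exists on the host.
        (self.layer / name).write_text(data)
        self.deleted.discard(name)

    def read(self, name):
        # The layer shadows the host; untouched files fall through to the host.
        if name not in self.deleted:
            for root in (self.layer, self.host):
                if (root / name).is_file():
                    return (root / name).read_text()
        raise FileNotFoundError(name)

    def delete(self, name):
        # A delete is only a marker in the layer; the host copy stays on disk.
        self.deleted.add(name)
        (self.layer / name).unlink(missing_ok=True)

    def discard(self):
        # "Cleaning the sandbox": throw away the layer and every recorded change.
        shutil.rmtree(self.layer, ignore_errors=True)
        self.layer.mkdir(parents=True, exist_ok=True)
        self.deleted.clear()


def demo():
    """Constructed scenario: (sandboxed view, host view, view after cleaning)."""
    host, layer = Path(tempfile.mkdtemp()), Path(tempfile.mkdtemp())
    (host / "notes.txt").write_text("original")   # constructed sample file
    box = OverlaySandbox(host, layer)
    box.write("notes.txt", "tampered")            # modify an existing host file
    box.write("new.txt", "created in sandbox")    # create a brand-new file
    inside = (box.read("notes.txt"), box.read("new.txt"))
    on_host = ((host / "notes.txt").read_text(), (host / "new.txt").exists())
    box.discard()
    return inside, on_host, box.read("notes.txt")
```

The sandboxed view sees both changes while the host directory sees neither, which is the same effect the desktop-file test in Section 1 checks for on a real sandbox.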
In this lab we will examine three different sandbox programs: Sandboxie, Shadow Surfer, and Virtual Sandbox.

Sandboxie extends the operating system (OS) with sandboxing capabilities by blending into it. Applications can never access hardware such as disk storage directly; they have to ask the OS to do it for them. Since Sandboxie integrates into the OS, it can do what it does without risk of being circumvented. The following classes of system objects are supervised by Sandboxie: Files, Disk Devices, Registry Keys, Process and Thread objects, Driver objects, and objects used for inter-process communication: Named Pipes and Mailbox Objects, Events, Mutexes (Mutants in NT speak), Semaphores, Sections and LPC Ports. Sandboxie also takes measures to prevent programs executing inside the sandbox from hijacking non-sandboxed programs and using them as a vehicle to operate outside the sandbox.

Shadow Surfer captures a snapshot of your volume(s) and runs an exact duplicate in a virtual PC or server state. This virtual state, called ShadowMode, allows the user to use the PC or server as normal, but without permanently writing system changes to the hard drive. If system changes and folder or file changes occur during a ShadowMode session, then these changes can be automatically or manually committed to the PC or server. If malicious or unwanted changes occur during a ShadowMode session, then they can be discarded with a simple reboot.

Virtual Sandbox is a secure software system designed to allow unknown or untrusted programs to be run in an isolated environment without access to personal files, local networks, and system settings. With Virtual Sandbox installed, programs can be allowed to run in a discardable, carefully tailored, virtual environment that is contained and isolated from the operating system, but appears on your Windows desktop.

Lab Scenario: We will be using three identical Windows virtual machines. Take one of your virtual machines and copy it twice.
First, go to your VMware folder, which is /home/vmware. Now find your Windows XP install folder, which should be called winXPPro, and copy it twice with two different folder names that you should remember. Each VM will be used for one sandbox program (Sandboxie, Virtual Sandbox, and Shadow Surfer). For example, you can do

# cp -r winXPPro Sandboxie

This will create a new winXPPro instance in the folder called Sandboxie. Do this one more time to make the 3rd Windows image.

Next, we will grab the following files from the corresponding labs. You will need to remember how to use them, so we’ve included the relevant sections of each lab as appendices:

Lab5: HackerDefender (appendix A), FU (appendix B), netcat (appendix C), VNC (appendix D), IceSword
Lab6: dcom exploit (appendix E)
Lab8: AnnaKournikova (appendix F)
Lab10: SDBot (appendix G)

Note that these appendices are only used to remember how to run the programs. Links to the three sandbox programs are found in the sources section.

Section 1: Installing the Sandboxes and testing

Installing the sandboxes is relatively easy. Simply run the executable for the corresponding sandbox on each machine. For example, sandboxie.exe will install Sandboxie. On the 1st Windows VM, install Sandboxie. On the 2nd Windows VM, install Virtual Sandbox. On the 3rd Windows VM, install Shadow Surfer. After each install, restart the computer. When we say “go to Sandboxie,” that means to load up the 1st Windows VM; Virtual Sandbox means the 2nd VM, etc.

The Sandboxie install is easy and straightforward. The Virtual Sandbox install will search your computer for files, but do not let it scan; simply click cancel. Shadow Surfer asks for a restart; allow it to do so.

Q1.1: You should notice that each PC will have something new when you start up. What did you notice about each sandbox after the restart?

First we will do the most basic sandbox test – seeing how transparent the sandbox is.

1. First, open Sandboxie by double clicking the new icon in the system tray. Now right click on the “Default Sandbox” and click “Run Application” and open “Any Application.” Now type in “explorer” and press enter. Go to the desktop and create a new file there with a name you will remember. Now, do you see this file on your desktop?

Q1.2: Do you see the file on your desktop?

2. In Virtual Sandbox, create a text file on the desktop.

3. In Shadow Surfer, create a text file on the desktop.

Also, for each VM, load up IE and ftp to the host computer (remember to load it up via

