[tor-talk] Is there a way to use internet in a sandbox environment? (Linux)

npdflr npdflr at zoho.com
Tue Mar 26 10:50:20 UTC 2019


Thanks Ben Tasker for the information.

Regarding KVM:

If I use two KVMs, one for offline use and the other for online use, then would you say that the KVM used for offline use is 100% safe? (as KVM basically is a hardware-assisted virtualization)

---- On Sun, 24 Mar 2019 15:51:27 -0700 Ben Tasker <ben at bentasker.co.uk> wrote ----

Most browsers actually already do exactly this and run tabs inside a
sandbox.

If you wanted to restrict that further, you could look at chrooting or
using docker. Or take it a step further and use a full-blown VM (whether
that's KVM or something like VirtualBox).

But don't, please, follow the suggestion of using root for routine
non-internet tasks. You should use privileged accounts only when you
actually require that level of privilege. Also keep in mind that while
malware running as an unprivileged user cannot (generally) hose the system,
it can still steal/corrupt whatever data that user has access to. Unless
this is a shared system, you probably care more about that data than the OS
files themselves.

On Sun, 24 Mar 2019, 13:27 npdflr, <npdflr at zoho.com> wrote:

> Using internet in a sandbox environment would be ideal to prevent
> viruses/theft.
>
> I am posting some links related to this topic.
>
> 1) Discussion on stackexchange:
> https://security.stackexchange.com/questions/35373/how-to-make-sandbox-only-internet-access
>
> 2) Using hypervisor/kvm to connect to the internet. Hypervisor
> Technologies:
> https://opensourceforu.com/2016/03/the-top-open-source-hypervisor-technologies/
>
> 3) Virtual Desktop: https://help.comodo.com/topic-72-1-522-6274-.html
>
> 4) Another way would be to block internet for the root user in Linux and
> allow internet only for other users. In this way, one is using root for
> offline activities and other users for online activities (just like a
> sandbox environment).
>
> But it looks like if you enable internet connection for non-root user then
> the root user is automatically connected to the internet (I may be wrong).
>
> I have tried using some commands from the below links replacing "USERNAME"
> with "root" (THERE MAY BE RISK INVOLVED IN DOING SO) but I had to restart
> the system to enable the internet connection again.
>
> https://askubuntu.com/questions/223434/how-to-disable-internet-for-a-user-on-a-system
>
> https://www.cyberciti.biz/tips/block-outgoing-network-access-for-a-single-user-from-my-server-using-iptables.html
>
> Any suggestions?
>
> Thank you.
> --
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk