von VPNHaus | 09.08.2012 |Industry Commentary, SSL, VPN, Windows

By Dr. Matthias St. Pierre, Senior Developer at

In my previous post on sandboxing, I explained why this security function is necessary and how it operates. Let’s now look deeper at the impact of sandboxing.

A side effect of the file system redirection and the desktop isolation is, they prevent accidental changes to the client computer. All changes to the file system during the SSL VPN session disappear once the user terminates the session.  Even in the case of a power failure, the data would not be jeopardized, since the encryption key is lost and the content of the sandbox remains garbled because of the encryption and will automatically be deleted when the user starts the next SSL VPN session.

The sandbox might even prevent some downloaded malicious code from doing harm to your file system. But it is important to note, sandboxing should not be considered an absolute security barrier. For instance, the sandbox will not shield you from any keylogger or Trojan that has already infected the computer.  Neither will it be able to give you a 100% guarantee that it cannot be circumvented by malicious code. This limitation is due to the fact that the sandbox is implemented entirely as a user mode process with limited user rights. There is no kernel driver or high privileged service involved. This is a design decision, as it enables the sandbox to run out-of-the-box without installation.

Ultimately, using an SSL VPN from an untrusted computer, like a dubious PC at an Internet café, is not a good idea in the first place. Always use trusted computers, which have the latest security updates installed, keep your virus scanner up-to-date, and don’t disable the Windows user account control. If you keep this in mind, you are reasonably secure and the sandbox can concentrate on protecting the privacy of your data.

msp[1]

By Dr. Matthias St. Pierre, Senior Developer at NCP engineeringhttp://vpnhaus.ncp-e.com/wp-content/uploads/2012/08/msp1.png

In my previous post on sandboxing, I explained why this security function is necessary and how it operates. Let’s now look deeper at the impact of sandboxing.

A side effect of the file system redirection and the desktop isolation is, they prevent accidental changes to the client computer. All changes to the file system during the SSL VPN session disappear once the user terminates the session.  Even in the case of a power failure, the data would not be jeopardized, since the encryption key is lost and the content of the sandbox remains garbled because of the encryption and will automatically be deleted when the user starts the next SSL VPN session.

The sandbox might even prevent some downloaded malicious code from doing harm to your file system. But it is important to note, sandboxing should not be considered an absolute security barrier. For instance, the sandbox will not shield you from any keylogger or Trojan that has already infected the computer.  Neither will it be able to give you a 100% guarantee that it cannot be circumvented by malicious code. This limitation is due to the fact that the sandbox is implemented entirely as a user mode process with limited user rights. There is no kernel driver or high privileged service involved. This is a design decision, as it enables the sandbox to run out-of-the-box without installation.

Ultimately, using an SSL VPN from an untrusted computer, like a dubious PC at an Internet café, is not a good idea in the first place. Always use trusted computers, which have the latest security updates installed, keep your virus scanner up-to-date, and don’t disable the Windows user account control. If you keep this in mind, you are reasonably secure and the sandbox can concentrate on protecting the privacy of your data.

Diese Webseite verwendet Cookies

Wir verwenden Cookies, um Inhalte zu personalisieren und die Zugriffe auf unsere Website zu analysieren. Weitere Informationen finden Sie in unserer Datenschutzerklärung.

OK