+Warwagon (MVC), posted April 3, 2011

Sandbox executables whose ports are exposed to the internet.

For the past year or so I've been running a VNC server on my local LAN. Recently I forwarded a port of my choice (not the regular VNC port) through my router so I can connect via my iPod touch wherever I'm at and look at my security camera. Opening ports always freaks me out a little, because of potential vulnerabilities in the app which is now listening on the internet. So I thought, what if I install Sandboxie on the system and sandbox the winvnc server running on the system? Well, I did that and I can still connect just fine and everything is working great.

My question is, if someone were to hack in via whatever executable you had on the internet, and if that program was sandboxed, I would assume the hacker would then be sandboxed inside the machine. I've also configured the sandbox to turn off the mouse and keyboard. So when you connect to VNC from the outside the keyboard and mouse do not work.

How about running a free webserver on the system and having it also sandboxed? If the sandbox is set to "Read only", even if they were to exploit the webserver they would only have read-only access inside the sandbox. With Sandboxie you can also block access to certain folders. So if the server was compromised it would still be sandboxed and, if configured, they wouldn't be able to access the directories in the block list, like c:\Windows. Although some programs do need access to that directory just to run, plus read-only access is good enough just as long as they can't write to that directory. One place you wouldn't want them to read is a place like the document directory.

Just wondering.
+Xinok (Subscriber²), posted April 3, 2011

When a person hacks you, they're looking to run code on your machine that will give them access. So the idea is that code will be isolated to the sandbox. Most likely, the code will be isolated to the sandbox. But if they find a way to exploit an external process that isn't sandboxed through the open port, then the code could run outside of the sandbox. However, that's highly unlikely.

It depends on what you're worried they will have access to though. By default, Sandboxie gives processes full access to all the files on your computer. You should configure the sandbox to restrict access to specific files and folders, and only allow certain processes to run and have internet access.
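Added example (not part of any post in this thread): a small audit of Sandboxie.ini text for the restrictions described in the post above, run over a default-style box and a restricted one. It assumes the Sandboxie.ini settings `DropAdminRights`, `ClosedFilePath`, `ReadFilePath`, `ClosedIpcPath` and `ProcessGroup` behave as in Sandboxie's documentation; the box name `VncBox`, the process group names and both sample configurations are constructed.

```python
# Added example: audits Sandboxie.ini text for per-box restrictions.
# Box names, process groups and both sample configs are constructed.
from collections import defaultdict

WEAK = "[DefaultBox]\nEnabled=y\n"  # a box with no restrictions configured
HARDENED = """\
[VncBox]
Enabled=y
DropAdminRights=y
ClosedFilePath=%Personal%
ReadFilePath=C:\\Windows
ProcessGroup=<Net_VncBox>,winvnc.exe
ClosedFilePath=!<Net_VncBox>,InternetAccessDevices
ProcessGroup=<Run_VncBox>,winvnc.exe
ClosedIpcPath=!<Run_VncBox>,*
"""

def parse(text):
    """Return {section: {setting: [values]}}; settings repeat, so keep lists."""
    boxes, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = boxes.setdefault(line[1:-1], defaultdict(list))
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()].append(value.strip())
    return boxes

def audit(text):
    """Return {box: [findings]}; an empty list means all four checks passed."""
    report = {}
    for box, cfg in parse(text).items():
        if box == "GlobalSettings" or box.startswith("UserSettings_"):
            continue  # not sandboxes
        closed = cfg["ClosedFilePath"]
        findings = []
        if "y" not in cfg["DropAdminRights"]:
            findings.append("admin rights not dropped")
        if not any(not v.startswith("!") for v in closed):
            findings.append("no folder is blocked for all programs")
        if not any(v.startswith("!") and v.endswith(",InternetAccessDevices") for v in closed):
            findings.append("every program in the box may use the network")
        if not any(v.startswith("!") and v.endswith(",*") for v in cfg["ClosedIpcPath"]):
            findings.append("any program may start in the box")
        report[box] = findings
    return report
```

`audit(WEAK)` reports all four gaps for the unrestricted box, while `audit(HARDENED)` reports none.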
sc302 (Veteran), posted April 4, 2011

Why not just run LogMeIn or TeamViewer? There are no ports to open and you will have access from wherever.
Subject Delta, posted April 4, 2011

The problem here is that the VNC viewer only provides a platform to interact with your computer remotely. If my understanding is correct, sandboxing the VNC server will prevent it from causing any damage to your data, however if someone manages to break into it, they will still have admin level access to your computer, as they will be able to interact with the shell.
+Warwagon (MVC, Author), posted April 4, 2011

> The problem here is that the VNC viewer only provides a platform to interact with your computer remotely. If my understanding is correct, sandboxing the VNC server will prevent it from causing any damage to your data, however if someone manages to break into it, they will still have admin level access to your computer, as they will be able to interact with the shell.

Correct. But Sandboxie, when it sandboxes the VNC viewer, also (by default) blocks any mouse and keyboard commands. You can of course change that, but the way I have it set up now, I can log in and see my security cam that is running full screen, but I can't control the mouse or type anything. I actually like it this way, because I was constantly on my laptop doing a Windows key + R and accidentally doing the run command on VNC.
Subject Delta, posted April 4, 2011

> Correct. But Sandboxie, when it sandboxes the VNC viewer, also (by default) blocks any mouse and keyboard commands. You can of course change that, but the way I have it set up now, I can log in and see my security cam that is running full screen, but I can't control the mouse or type anything. I actually like it this way, because I was constantly on my laptop doing a Windows key + R and accidentally doing the run command on VNC.

Ahh, I see, fair enough.
+Warwagon (MVC, Author), posted April 4, 2011

> Why not just run LogMeIn or TeamViewer? There are no ports to open and you will have access from wherever.

Do they have an iPod app for LogMeIn that's free? The one I use now is VNC Viewer free on the iPod touch. I just open it, click on connect and then click my internet IP in the list and I'm connected.
sc302 (Veteran), posted April 4, 2011

> Do they have an iPod app for LogMeIn that's free? The one I use now is VNC Viewer free on the iPod touch. I just open it, click on connect and then click my internet IP in the list and I'm connected.

I thought the iPod/iPhone had a full-fledged browser. If not, then you would need the $30 Ignition for your device. For everyone else it is free, Apple you have to pay for...
farmeunit, posted April 4, 2011

TeamViewer has a free app. http://www.teamviewer.com/en/download/mobile.aspx

I actually like it better than LogMeIn Ignition. I use LogMeIn when controlling from another computer. TeamViewer on my Droid.
+Warwagon (MVC, Author), posted April 4, 2011

I use TeamViewer all the time too. But VNC is so easy.
+Warwagon (MVC, Author), posted February 15, 2012

Main post updated.
sc302 (Veteran), posted February 15, 2012

And LogMeIn Ignition is now free :p

It is for my iPad anyway.
Bryan R., posted February 15, 2012

VNC? May as well use RDP. Remote access via an open port is still remote access via an open port. LogMeIn, or something similar, or VPN. Not this convoluted open port, sandbox business.