Thursday, November 20, 2008

Your Browser, In Anonymity And Safety - Browser Isolation

On the Internet, just as in the real world, there are places where you just don't go if you want to stay alive and/or safe. Safety on the Internet starts with staying out of web sites where you don't belong, and hardening your browser when you surf web sites that you don't completely trust. Besides hardening your browser by disabling scripts from untrusted web sites, browser isolation is a new and promising protection technique. We isolate our browsers using two alternative techniques: proxy servers and sandboxes.

A proxy server can be run locally (on your network), or remotely (on the Internet). When run remotely, and provided by a third party, it provides anonymity as well as security. Address traces, such as those in a visitor log on our blogs, show the visitor as the proxy server and no farther. The security provided by a proxy server is configurable: if all that you desire is anonymity, you can configure many proxy servers to pass browser content that isn't necessarily safe.

An extreme version of proxy servers is found in onion routing, where you surf (and do other things) using a cascading series of proxy servers between you and the target server.
  • You connect directly to proxy server A.
  • From proxy server A, you connect to proxy server B.
  • From proxy server B, you connect to proxy server C.
  • From proxy server C, you connect to your target.
  • As you feel the need, you may add proxy server D, E, and so on.
Do you see the layers of the onion?
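The cascade above can be simulated in a few lines. This is an added example, not code from the original post, and it goes one step beyond the text by wrapping the request in one encrypted layer per proxy, which is what lets each proxy learn only its own neighbours. The host names, client address, keys and the toy cipher are all constructed for illustration.

```python
import hashlib
import json

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Toy stand-in for real encryption."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(path, keys, target, request):
    """Client: add one layer per proxy, innermost (last proxy) first."""
    payload = request.encode()
    next_hops = path[1:] + [target]
    for proxy, next_hop in reversed(list(zip(path, next_hops))):
        layer = json.dumps({"next": next_hop, "data": payload.hex()})
        payload = toy_cipher(keys[proxy], layer.encode())
    return payload

def route(client, path, keys, target, request):
    """Pass the onion along the chain; record what each machine can log."""
    payload = wrap(path, keys, target, request)
    prev, current, logs = client, path[0], []
    while current in keys:  # every proxy peels exactly one layer
        layer = json.loads(toy_cipher(keys[current], payload))
        logs.append({"host": current, "from": prev, "to": layer["next"]})
        payload = bytes.fromhex(layer["data"])
        prev, current = current, layer["next"]
    logs.append({"host": current, "from": prev, "to": None})  # the target's visitor log
    return logs, payload.decode()

# Constructed sample values. Real systems negotiate a secret key with each
# proxy; deriving keys from names here only keeps the example self-contained.
CLIENT, TARGET = "203.0.113.7", "blog.example"
PATH = ["proxy-A", "proxy-B", "proxy-C"]
KEYS = {name: hashlib.sha256(name.encode()).digest() for name in PATH}

if __name__ == "__main__":
    logs, delivered = route(CLIENT, PATH, KEYS, TARGET, "GET /")
    for entry in logs:
        print(entry)
    print("delivered:", delivered)
```

Only proxy A records your address, only proxy C learns the target, and the target's visitor log shows proxy C as the visitor.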

A sandbox runs locally (on your computer), and provides complete security by isolating specific processes such as your browser from the rest of the operating system. Since a sandbox runs on your computer, it provides no anonymity. Visitor logs show the address of your computer (or your network).

One problem with proxy servers is that they involve a third computer (the proxy server) between your computer and the target computer (the remote server), and this makes surfing with a proxy slower than surfing without a proxy. You can surf unknown websites from a sandboxed browser, and enjoy the same speed as from a browser outside the sandbox, in safety (though not anonymity).

Virtual machines, which provide a complete copy of the operating system running as an application on your computer, are the most versatile sandbox. A lightweight virtual machine can be had as Sandboxie, which was originally developed to sandbox Internet Explorer, which is known for being unsafe. With a minimum amount of work, you can run other browsers, and other applications in general, from Sandboxie. Because browser content that isn't necessarily safe stays within the sandbox, your computer is safe.

If you want both anonymity and safety, you run a browser from within a sandbox, and surf through a proxy server from the sandboxed browser. This will be no slower than surfing directly through a proxy server, and no less safe than surfing directly using a browser inside the sandbox.
