Chapter 9 - 04 - Application Security Testing Techniques and Tools - 05_ocred.pdf
Document Details
Uploaded by barrejamesteacher
EC-Council
Full Transcript
Certified Cybersecurity Technician Application Security Exam 212-82

Additional Application Whitelisting and Blacklisting Tools

Some additional application whitelisting and blacklisting tools are listed below:

- Airlock Digital (https://www.airlockdigital.com)
- Digital Guardian (https://digitalguardian.com)
- Ivanti Application Control (https://www.ivanti.com)
- Thycotic (https://thycotic.com)
- RiskAnalytics (https://riskanalytics.com)
- Kaspersky Whitelist (https://whitelist.kaspersky.com)
- PolicyPak (https://www.policypak.com)
- PowerBroker (https://www.beyondtrust.com)
- Faronics Anti-executable (https://www.faronics.com)
- McAfee Application Control (https://www.mcafee.com)

Module 09 Page 1212 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Application Sandboxing

Application sandboxing is the process of running applications in a sealed container (sandbox) so that the applications cannot access critical system resources and other programs. It provides an extra layer of security and protects apps and the system from malicious apps. It is often used to execute untrusted or untested programs or code from untrusted or unverified third parties without risking the host system or OS. The protection provided by the sandbox is not sufficiently robust against advanced malware that targets the OS kernel.

When an application is executed without a sandbox, it has unrestricted access to system resources and all user data. In contrast, an application executed within a sandbox has restricted access to the system resources and data outside the sandbox. Installing a sandboxed app in a system creates a specific directory (sandboxed directory). By default, the app has unlimited read and write access to the directory. However, apps within the directory are not allowed to read or write the files outside the directory or access other system resources, unless authorized.

[Figure 9.25: Execution of an application with and without a sandbox. Panels: Running an Application Without a Sandbox; Running an Application With a Sandbox]

The following approaches can be used to implement an application sandbox.

- Isolation-based approach: In this approach, a program running in the sandbox is isolated from the system resources and programs running outside the sandbox.

[Figure 9.26: Isolation-based sandbox]

- Rule-based approach: In this approach, the sandbox controls what each application can do and permits applications to share resources based on the set rules.

[Figure 9.27: Rule-based sandbox]

Application Sandboxing Tools

- Sandboxie
  Source: https://www.sandboxie.com

  Sandboxie is a sandboxing tool developed by Sophos. It keeps the browser isolated and blocks malicious software, viruses, ransomware, and zero-day threats. It prevents websites from modifying files and folders on the system.

  The following are the steps to allow already installed programs (e.g., a browser) in Sandboxie:

  - Select Sandbox → Default Box → Run Sandboxed → Run Web browser.
  - Select Run Any Program to allow any other application.

[Figure 9.28: Working of Sandboxie Control]

Some additional application sandboxing tools are listed below:

- BUFFERZONE (https://bufferzonesecurity.com)
- SHADE Sandbox (https://www.shadesandbox.com)
- Shadow Defender (http://www.shadowdefender.com)
- Browser in the Box TS (https://www.rohde-schwarz.com)
- Toolwiz Time Freeze (http://www.toolwiz.com)
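
The sandboxed-directory rule and the rule-based approach described under Application Sandboxing can be modelled as a single access decision. The following is an added example, not code from the courseware or from any tool listed here; the class name, rule format and directory layout are assumptions, and it models only the policy decision, not OS-level enforcement.

```python
import os
import tempfile
from pathlib import Path

class SandboxPolicy:
    """Access decision for one sandboxed app (hypothetical model)."""

    def __init__(self, sandbox_dir, rules=()):
        self.root = Path(sandbox_dir).resolve()
        # rules: (outside path, allowed modes), e.g. ("/shared", "r")
        self.rules = [(Path(p).resolve(), modes) for p, modes in rules]

    def check(self, requested, mode):
        """Return 'allow' or 'deny' for mode 'r' or 'w' on `requested`."""
        # Relative paths are relative to the sandboxed directory. resolve()
        # collapses ".." and follows symlinks, so an escape attempt is
        # judged by where the path really ends up on disk.
        target = (self.root / requested).resolve()
        if target == self.root or self.root in target.parents:
            return "allow"      # default: read/write inside the sandbox
        for allowed, modes in self.rules:
            inside = target == allowed or allowed in target.parents
            if inside and mode in modes:
                return "allow"  # outside resource authorized by a rule
        return "deny"           # everything else outside is blocked

def demo():
    """Evaluate sample requests against a constructed directory layout."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        box, shared, private = base / "box", base / "shared", base / "private"
        for d in (box, shared, private):
            d.mkdir()
        (private / "secrets.txt").write_text("constructed sample data")
        # A symlink inside the sandbox that points outside it.
        os.symlink(private, box / "link")
        policy = SandboxPolicy(box, rules=[(shared, "r")])
        requests = [
            ("notes.txt", "w"),               # inside the sandbox
            ("../private/secrets.txt", "r"),  # ".." traversal
            ("link/secrets.txt", "r"),        # symlink escape
            (str(shared / "doc.txt"), "r"),   # authorized by rule
            (str(shared / "doc.txt"), "w"),   # rule grants read only
        ]
        return [policy.check(p, m) for p, m in requests]

if __name__ == "__main__":
    print(demo())
```

Comparing resolved paths rather than raw strings is what keeps the `..` and symlink requests from being mistaken for in-sandbox access.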