RHEL – 6 Sandbox
Thursday, March 24th, 2011 by Anoop Manoj
Before discussing sandboxing, here is a brief description of RHEL. RHEL is Red Hat Enterprise Linux, and its latest version is RHEL 6. It is Red Hat's new-generation Linux platform, designed to meet the needs of upcoming generations of hardware and software technologies. RHEL 6 supports the following architectures:
* i386
* AMD64/Intel64
* System z
* IBM Power (64-bit)
RHEL – Sandboxing
RHEL 6 is now out with the latest technologies, and one of its much-improved features is sandboxing. It is a security feature implemented in RHEL 6 for separating running programs.
Do you have an untrusted program that you would like to run on your server? With sandboxing you can execute code or a program that is untrusted and untested.
A sandbox sets fixed resources for guest programs to run in. It is similar to having guests at home: they stay in a fixed room of the house and make do with the resources we provide. Similarly, we can set policies, or a set of rules, for the sandbox that determine which programs are granted access and which are blocked or denied.
When a hard disk drive uses the sandbox, the processes are isolated inside the hard disk without intercepting other processes. This also makes it easy to delete this group.
Advantages of a Sandbox:
1. You can browse any website with no issues; if any malicious contents are downloaded from these websites, they are identified as untrusted programs and are downloaded to the sandbox. They can be easily deleted eventually.
2. Your web browsing details, cookies, etc. are stored in the sandbox and are not transferred to your OS.
3. Virus-affected programs and malicious programs cannot come out of the isolated sandbox and affect your system.
The sandbox typically provides a tightly-controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted. In this sense, sandboxes are a specific example of virtualization.
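As an added example (not from the original post), the wrapper below maps the ideas above onto RHEL 6's `sandbox` command from policycoreutils: the SELinux type given with `-t` is the policy, and `-H`/`-T` keep the guest's home and /tmp in a scratch directory that can be deleted afterwards. The function names, the profile names and the `SANDBOX_DRY_RUN` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: wrapper around the SELinux `sandbox` utility (policycoreutils).
# Function names, profile names and SANDBOX_DRY_RUN are hypothetical.

# Map a profile to the SELinux type passed to `sandbox -t`.
sandbox_type() {
    case "$1" in
        none) echo sandbox_t ;;      # no network, no X display
        gui)  echo sandbox_x_t ;;    # X application, no network
        web)  echo sandbox_web_t ;;  # X application, web ports only
        net)  echo sandbox_net_t ;;  # X application, any network port
        *)    echo "unknown profile: $1" >&2; return 1 ;;
    esac
}

# run_untrusted PROFILE SCRATCH_DIR COMMAND [ARGS...]
# Runs COMMAND confined by the chosen policy. With SANDBOX_DRY_RUN set,
# prints the command line instead of executing it.
run_untrusted() {
    _profile=$1; _scratch=$2
    [ "$#" -ge 3 ] || { echo "usage: run_untrusted PROFILE DIR CMD..." >&2; return 2; }
    shift 2
    _setype=$(sandbox_type "$_profile") || return 2
    if [ "$_profile" = none ]; then
        set -- sandbox -t "$_setype" "$@"
    else
        # -X gives the guest its own X server; -H and -T mount the scratch
        # directories over the guest's home directory and /tmp.
        mkdir -p "$_scratch/home" "$_scratch/tmp" || return 1
        set -- sandbox -X -H "$_scratch/home" -T "$_scratch/tmp" -t "$_setype" "$@"
    fi
    if [ -n "${SANDBOX_DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Delete everything the guest wrote (downloads, cookies, temp files).
# Refuses paths that do not look like a scratch dir made by run_untrusted.
discard_sandbox() {
    [ -n "$1" ] && [ -d "$1/home" ] && [ -d "$1/tmp" ] || {
        echo "not a sandbox scratch dir: $1" >&2; return 1; }
    rm -rf -- "$1"
}
```

For instance, `run_untrusted web "$HOME/.sandbox-scratch" firefox` followed by `discard_sandbox "$HOME/.sandbox-scratch"` browses in a confined Firefox and then removes what it stored.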
