Sandbox environment for URL research 1

Status
Not open for further replies.

DrB0b

IS-IT--Management
May 19, 2011
1,431
US
Hello All,
I need to pick the big brains here at TT. We are a medium size B2B business that onboards new clients daily. We have requirements that they have a functioning website, with a working cart, and have similar inventory to what we provide. This requires one of our employees to visit whatever website they put in the form to verify those criteria. Obviously, one bad actor figuring out our practice can take advantage of that easily. I am shopping ideas to mediate this exposure.

Currently, we are using and VirusTotal to get an idea if the site is legit or has been flagged in the past. The problem with that approach is it is more reactive in nature. Most of the DNS records I see used in email attacks are created that day, meaning VirusTotal likely won't have had enough data to flag appropriately. And URL scan doesn't give a sandbox approach allowing you to click and see other links. You only can see the front page.

I thought about spinning up a VM in the DMZ and allowing one way RDP traffic to it from our LAN and allowing them to view sites off our internal network. That seems like a lot to remedy this. Does anyone know of a software or website that you can utilize, free or paid, that will allow you to enter a URL and traverse the site in a sandbox-esque environment?

Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.
 
Do your fellow employees already have general internet access to view any other web site? If so, your proposal for DMZ seems odd. What is there to stop any other malicious web site from being visited? It sounds like you're attempting security measures that should already be there.

If you're auditioning vendors to sell your product, look to Google and archive.org. First, see if their name (not their domain) turns up in a Google result. If they cannot be found, they are not likely going to sell your product well. Next, check out what their web site looks like on the Wayback Machine at web.archive.org. If their site has a lengthy history, it is not likely a malicious web site.





 
We have preventative measures in place where employees are only able to visit certain sites. Considering the ones in question are business related, they have access to some of them.

We are a wholesaler in which companies apply to become a distributor of our goods. Most of the companies are fledgling companies and either do not have their website fully created yet or have just created them. This makes any historical data insignificant. Since these are new companies, Google will not show much unless you are insanely specific in that search and even so it will just show you that they may have a physical location and a virtual one but no other real info.

Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.
 
Google leads to plenty of options for "sandbox web browsing". There's also "Windows Sandbox" in the pro versions of Windows.

At the bare minimum, it's good to set up your browser to block scripts by default (the primary method of nasty deliveries). Consider
 
Already running that and Ublock as add-ins, but thank you. I had no idea of Windows Sandbox. Will have to look into that further. Usually my Google-fu is strong but perhaps my wording in my searches wasn't top notch. Thanks for the verbiage change, that search does bring up essentially what I am looking for.

Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.
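For the Windows Sandbox suggestion above, a locked-down `.wsb` configuration for reviewing applicant sites could look like the following. This is an added example, not something posted in the thread; the file name and the memory size are assumptions.

```xml
<Configuration>
  <!-- Added example: save as untrusted-site-review.wsb (assumed name) and
       open it on a host with the Windows Sandbox feature turned on.
       Everything inside the sandbox is discarded when its window closes. -->

  <!-- Must stay enabled or the applicant's site cannot be loaded. -->
  <Networking>Enable</Networking>

  <!-- Software rendering only, so the guest gets no path to the host GPU. -->
  <vGPU>Disable</vGPU>

  <!-- No MappedFolders element: no host directory is visible in the guest. -->

  <!-- Clipboard is shared with the host unless disabled. With it off, the
       reviewer types the URL by hand and nothing can be pasted back out. -->
  <ClipboardRedirection>Disable</ClipboardRedirection>

  <!-- Host printers, microphone and camera are not exposed to the guest. -->
  <PrinterRedirection>Disable</PrinterRedirection>
  <AudioInput>Disable</AudioInput>
  <VideoInput>Disable</VideoInput>

  <!-- Extra hardening on the remote-display session to the sandbox. -->
  <ProtectedClient>Enable</ProtectedClient>

  <!-- Assumed value; enough for a browser session. -->
  <MemoryInMB>4096</MemoryInMB>
</Configuration>
```

With networking enabled, the sandbox reaches the Internet through the host, so the site under review is still fetched from the reviewer's own network and the guest can reach whatever the host can. It isolates the host's files and session, not the LAN, which is the gap a separate VM in the DMZ would close.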
 
IMO 'Already running that and Ublock' would have been useful info to have included in the original post... so those of us who aren't mindreaders would have been spared asking superfluous questions... but that's just me.
 
@Rick998 - The question was not about overall protection against malicious sites. I included the question and reasoning behind it. Reread the original post. Had I wanted protection advice, I would have titled the thread something along those lines and included our defensive structure......

Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.
 