2. About Sandbox
In the world of cybersecurity, a sandbox environment is an isolated virtual machine in
which potentially unsafe software code can execute without affecting network resources
or local applications.
Cybersecurity researchers use sandboxes to run suspicious code from unknown
attachments and URLs and observe its behavior.
Any action take by suspicious virus present in these will not effect our System.
Outside of cybersecurity, developers also use sandbox testing environments to run code
before widespread deployment.
3. Purpose of a Sandbox
The purpose of the sandbox is to execute malicious code and analyze it. Sometimes, this code
could be a zero-day exploit where the malware’s effect and payload are unknown. Because of
this, the sandbox must not have any access to critical infrastructure.
With a sandbox, cybersecurity researchers and analysts can understand the way malware
works and what can be done to stop it.
For complex attacks, sandbox environments are readily available to quickly analyze malware
and stop it before it becomes a global issue.
Ransomware, for example, can spread globally and crash critical government systems. This
makes it important for researchers to have ready access sandboxes to help stop it.
4. Sandbox Security Implementations
There are several options for sandbox implementation that may be more or less appropriate depending
on your organization’s needs. Three varieties of sandbox implementation include:
Emulation of an actual device.
This could be emulation of a desktop or mobile device. In either case, the application being tested
must have access to the same resources as the code being analyzed, including CPU, memory and
storage.
Emulation of the target operating system.
Using a virtual machine, the application must have access to the operating system. With a virtual
machine, the sandbox is isolated from the underlying physical hardware but has access to the
installed operating system.
Virtualized environment.
Usually, a sandbox is on a virtual machine so that it has no access to physical resources but can
access virtualized hardware.
5. Features of Sandbox
Main methodologies to analyze malware for observing functional characteristics in a controlled
environment like sandbox is based on:
a) comparison of the operating system status before and immediately after the malware execution.
b) runtime actions monitoring
Sandbox features include monitoring of:
created or modified files created process
access or system registry key modifications instanced network connections
dynamic loaded libraries data transmitted over the network