At 11:47 AM 7/12/2005, Tyler Durden wrote:
How secure can I make a Java sandbox from the rest of the network I'm on? Can I make it so that my network administrator can't see what I'm typing? In other words, a secure environment that's sitting on an insecure machine.
There's the "network" and there's the computer. If you're on a computer you can't trust, you can't trust it. If you're the sysadmin for the box, and nobody else is, then you're only exposed to eavesdropping on the network. If you can't trust the sysadmins for the computer not to do keystroke logging and CarbonCopy your screen, you've got a much tougher threat model. If you've got a machine you're willing to trust, you can tunnel everything else you do through encrypted tunnels; the network administrator will be able to see where the outside of the outer tunnel is, if that bothers you. There are a number of SSL-based VPN tunnel products on the market, including some that just use the browser's SSL capabilities, some that use a browser with Java app clients, and some that use actual installed client software. Aventail is one vendor, Cisco's another, there are lots more, but I haven't seen any open-source server versions (e.g. Apache plugins), though some servers do at least run on Linux. Some of Aventail's products are made to run on a publicly-accessible machine, e.g. cybercafe model, and give you a "virtual desktop" that looks like your home system and clean up after themselves when you log off.