Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
How to integrate sandboxing(cuckoo sanboxing) in OPNsense?
« previous
next »
Print
Pages: [
1
]
Author
Topic: How to integrate sandboxing(cuckoo sanboxing) in OPNsense? (Read 1831 times)
nitish.patel
Newbie
Posts: 36
Karma: 0
How to integrate sandboxing(cuckoo sanboxing) in OPNsense?
«
on:
July 31, 2023, 10:05:38 am »
I was trying to integrating cuckoo to the OPNsense as we don't have sanboxing in OPNsense so I want to integrate it on the firewall. I had searched for many articles how to but, no luck
. Guide me regarding my issue.
Logged
Patrick M. Hausen
Hero Member
Posts: 6799
Karma: 571
Re: How to integrate sandboxing(cuckoo sanboxing) in OPNsense?
«
Reply #1 on:
July 31, 2023, 10:34:44 am »
This project?
https://cuckoosandbox.org/blog
- seems to be dead since 2019
- does not support FreeBSD
So this looks like a major software development and porting effort. Nobody can guide you - the software is in no way able to run on OPNsense, currently.
What exactly do you want to achieve? There's ClamAV, Suricata and Zenarmor for malware and threat detection and mitigation.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
nitish.patel
Newbie
Posts: 36
Karma: 0
Re: How to integrate sandboxing(cuckoo sanboxing) in OPNsense?
«
Reply #2 on:
July 31, 2023, 11:05:00 am »
I don't want to add cuckoo particularly. Is their any other way to do so?
Let me know if any other sanboxing can be implemented on OPNsense or let me know if any feature is already available on OPNsense parallel to sanboxing?
Logged
Patrick M. Hausen
Hero Member
Posts: 6799
Karma: 571
Re: How to integrate sandboxing(cuckoo sanboxing) in OPNsense?
«
Reply #3 on:
July 31, 2023, 11:20:09 am »
What exactly do you mean by sandboxing? Malware mitigation? As I said there is ClamAV (antivirus) and Suricata and Zenarmor (IDS/IPS).
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
nitish.patel
Newbie
Posts: 36
Karma: 0
Re: How to integrate sandboxing(cuckoo sanboxing) in OPNsense?
«
Reply #4 on:
July 31, 2023, 12:14:04 pm »
From sandboxing I mean "To prevent advance persistent threat". I want to implement concept like cuckoo in OPNsense, or similar to cuckoo sandboxing.
Logged
Patrick M. Hausen
Hero Member
Posts: 6799
Karma: 571
Re: How to integrate sandboxing(cuckoo sanboxing) in OPNsense?
«
Reply #5 on:
July 31, 2023, 12:53:21 pm »
How do you think a concept like sandboxed malware analysis can be employed in the context of a network perimeter device, i.e. a firewall?
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
nitish.patel
Newbie
Posts: 36
Karma: 0
Re: How to integrate sandboxing(cuckoo sanboxing) in OPNsense?
«
Reply #6 on:
August 01, 2023, 06:58:43 am »
Gateway solutions like fortinet, sophos(they call it sandstorm) provide sandboxing for forensics along with gateway antivirus, IPS/IDS solutions was looking for something like that, was wandering if cuckoo can be used with some customization for the purpose of gateway sandboxing.
Logged
Patrick M. Hausen
Hero Member
Posts: 6799
Karma: 571
Re: How to integrate sandboxing(cuckoo sanboxing) in OPNsense?
«
Reply #7 on:
August 01, 2023, 08:57:37 am »
Please explain to me what exactly is gateway sandboxing?
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
nitish.patel
Newbie
Posts: 36
Karma: 0
Re: How to integrate sandboxing(cuckoo sanboxing) in OPNsense?
«
Reply #8 on:
August 03, 2023, 08:06:06 am »
Sandboxing is a technique in which you create an isolated test environment, a “sandbox,” in which to execute or “detonate” a suspicious file or URL that is attached to an email or otherwise reaches your network and then observe what happens. If the file or URL displays malicious behavior, then you’ve discovered a new threat. The sandbox must be a secure, virtual environment that accurately emulates the CPU of your production servers.
Sandboxing is particularly effective at defending against zero-day threats. Traditional inbound email filters scan emails for known malicious senders, URLs, and file types. Unfortunately, there are dozens of new (or “zero-day”) threats that appear every single day and are not yet discovered by email filters. Sandboxing, which is a key component of advanced threat protection, provides an added layer of protection in which any email that passes the email filter and still contains unknown URL links, file types, or suspicious senders can be tested before they reach your network or mail server.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
How to integrate sandboxing(cuckoo sanboxing) in OPNsense?