How to integrate sandboxing (Cuckoo sandboxing) in OPNsense?

Started by nitish.patel, July 31, 2023, 10:05:38 AM

I was trying to integrate Cuckoo into OPNsense, as we don't have sandboxing in OPNsense, so I want to integrate it on the firewall. I had searched many articles on how to, but no luck :( . Guide me regarding my issue.

This project?

https://cuckoosandbox.org/blog

- seems to be dead since 2019
- does not support FreeBSD

So this looks like a major software development and porting effort. Nobody can guide you - the software is in no way able to run on OPNsense, currently.

What exactly do you want to achieve? There's ClamAV, Suricata and Zenarmor for malware and threat detection and mitigation.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

I don't want to add Cuckoo particularly. Is there any other way to do so?

Let me know if any other sandboxing can be implemented on OPNsense, or let me know if any feature is already available on OPNsense parallel to sandboxing?

What exactly do you mean by sandboxing? Malware mitigation? As I said there is ClamAV (antivirus) and Suricata and Zenarmor (IDS/IPS).

By sandboxing I mean "to prevent advanced persistent threats". I want to implement a concept like Cuckoo in OPNsense, or something similar to Cuckoo sandboxing.

How do you think a concept like sandboxed malware analysis can be employed in the context of a network perimeter device, i.e. a firewall?

Gateway solutions like Fortinet and Sophos (they call it Sandstorm) provide sandboxing for forensics along with gateway antivirus and IPS/IDS solutions. I was looking for something like that, and was wondering if Cuckoo can be used with some customization for the purpose of gateway sandboxing.

Please explain to me what exactly gateway sandboxing is?

Sandboxing is a technique in which you create an isolated test environment, a "sandbox," in which to execute or "detonate" a suspicious file or URL that is attached to an email or otherwise reaches your network and then observe what happens. If the file or URL displays malicious behavior, then you've discovered a new threat. The sandbox must be a secure, virtual environment that accurately emulates the CPU of your production servers.

Sandboxing is particularly effective at defending against zero-day threats. Traditional inbound email filters scan emails for known malicious senders, URLs, and file types. Unfortunately, there are dozens of new (or "zero-day") threats that appear every single day and are not yet discovered by email filters. Sandboxing, which is a key component of advanced threat protection, provides an added layer of protection in which any email that passes the email filter and still contains unknown URL links, file types, or suspicious senders can be tested before it reaches your network or mail server.