[Opensim-users] Securing OpenSim with Sandboxie

Sun Mar 29 20:54:43 UTC 2009

Hey Ralf... 

Thanks for the information, I had never heard of virtualbox before and will
defentrly check it out.

But how does virtualization provide security? Besides the fact that you can
roll back any changes made?
I currently run my sims on a esxi 3.5 server, and really I don't believe it
helps with security at all.

If a exploit was discoved in Opensim, and someone took advantage of it, with
sandboxie it would stop them from accessing anything on the computer.. 
but with virtualization, it would not do anything at all.

-----Original Message-----
From: opensim-users-bounces at lists.berlios.de
[mailto:opensim-users-bounces at lists.berlios.de] On Behalf Of Ralf Haifisch
Sent: Sunday, March 29, 2009 6:47 AM
To: opensim-users at lists.berlios.de
Subject: Re: [Opensim-users] Securing OpenSim with Sandboxie

Hey Skidz,

It´s a quite good idea to have isolated environment - at least if you
want/need to run opensim or other software in an "unclear security state" on
a non dedicated system.

I had a look into sandboxie and would maybe suggest to use a "full
virtualization".  Since Hypervisor are not suitable for many people (need to
run the virtualization on top of a operating system) and may have own
security riscs, regular emulation type virtualization works nice.

A nice opensource project is vbox from sun.  http://www.virtualbox.org/  It
comes with binaries for most linux boxes, as well as for windows.

In benchmarks compared to vmware server (not 3i), it did perform amazing
fast.  You can even swap premade system or virtual disks for diagnosis.

In any virtualization, remember to use a dedicated network interface card,
if you want to protect against denial of service etc.

So:
- great idea to make a save environment
- if you want a fast way and are not to paranoid about security or multi
platform sandboxie seems a choice
- if you look into multiplatform, or swapable virtual machines - or are more
paranoid about security I would advice vbox

I really love to see, that more and more people think about security and
production environments.

Cheers,
Ralf

Date: Sat, 28 Mar 2009 19:35:58 -0500
From: Skidz Tweak <skidz.tweak at gmail.com>
Subject: [Opensim-users] Securing OpenSim with Sandboxie
To: <opensim-users at lists.berlios.de>
Message-ID: <49cec273.14b48c0a.2fd7.ffff8964 at mx.google.com>
Content-Type: text/plain;	charset="us-ascii"

I just finished up an article on how to secure OpenSim server with
Sandboxie:
http://blog.skidzpartz.com/post/2009/03/28/OpenSim-Security-Part-1-Sandboxie
.aspx

I hope you all don't think that's spam, I just wanted to share something I
wrote I honestly thought you all might be interested in.

Any feedback on this subject would be greatly appreciated. 

_______________________________________________
Opensim-users mailing list
Opensim-users at lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-users