Segmented Web Browsing Will Be the DMZ of the 2010’s

By Daniel Miessler on January 24th, 2010: Tagged as Information Security

The recent AURORA attack is about to change how the web browser is handled within the enterprise. This sort of exposure will introduce a concept my friend Steve Crapo has been talking about for years: virtualized, isolated browser farms.

In the beginning of Internet commerce, web-facing servers were located on the same network segment as protected internal resources, such as database servers, HR systems, etc. This was demonstrated to be a universally stupid idea, and the concept of the DMZ was born and propagated as a standard architectural practice.

The same is about to happen for web browsers within corporate networks. It will soon be considered unacceptable to have regular web clients sitting on the same network as protected systems–or even on a network with access to those systems.

In the near future, all web browser interaction with the Internet will be done virtually–from a segmented, virtualized network with multiple layers of protection between the browsing network and the Internet. Some of these will include:

  • state-of-the art proxying and real-time whitelisting/blacklisting
  • sandboxing to isoloate browser from OS
  • application/executable whitelisting on the browser OS
  • regular patching of all browsing VMs (near-immediate)
  • regular snapshot restores of browsing VMs to known-best state

So once a user drops out of their Internet web session, that VM will be restored to it’s known-best state and put back into the pool of available browser sessions. And when any patches are released, they will be applied immediately after testing to the pool browsers. Ideally, within a couple of hours of a patch for IE, Reader, or Flash being released the browser pool could be updated with those changes.

Using this model, the enterprise will begin to rightly assume that that all Internet browsers are compromised, and will take aggressive steps to ensure that users are always touching the Internet through highly filtered, constantly restored systems that cannot interact with protected internal assets.

This will present a number of challenges–not the least of which being that the web browser today is used to seamlessly transition between intranet and Internet interaction. This will require that an extra step be taken to get content attained from the Internet browser farm to user workstations, but over time this challenge will be considered small compared to that of handling browser-vectored malware on the internal LAN. ::

  • Digg
  • Reddit
  • HackerNews
  • StumbleUpon
  • DZone
  • Google Bookmarks
  • Twitter
  • Facebook
  • del.icio.us
  • FriendFeed
  • Posterous
  • RSS
  • email
  

Comments

  • Matt
    What about email then ? If a browser is able to deliver malicious content, so are all the other html implementations present in email user agents.
  • fagesdaniel
    Hello,
    as a co-founder of commonIT (http://commonit.com), I can only totally agree with your post. At commonIT, we've developed "Virtual Browser" which implements this type of architecture with some interesting extensions as the "sessions isolation" function which give the capability to run different web browsers in different environments (both for security and compatibility reasons).

    Best regards,
    Daniel.
  • Curious
    This post is a direct rip (without credit) from Securifeed http://securifeed.org/node/18203, or is it the other way around? Clarification would be appropriate.
  • Guest
    Dear Curious,

    If you look at the bottom of the page you referenced, you will see that it credits this blog as the original source.
  • I currently boot to BackTrack 4 livecd from a virtual machine for banking and sensitive items. The thought process here is that an exploit would not stay resident since it is a live cd and the likely hood of it harming my machine is reduced since it is in VM.
  • Erwin
    I've created a setup with a similar goal in a job a while ago. I've set up a Linux server in the DMZ that was used to serve Firefox sessions to Windows using the Xming X server. Up- and downloads were only possible by using a special drop zone in the filesystem that was automatically virus scanned and synced to the production network.
    It was working really well, but finally they stopped using it because the users kept complaining about not being able to download files directly to their desktop :(
  • Laszlo
    "... virtualized, isolated browser farms."
    Where can i read more about this subject?
    How would this scale up for enterprises with thousands of browsing users?
blog comments powered by Disqus

 

twitter_icon

Sample Original Content


Information Security

Tutorials and Primers

Culture & Society

Technology & Science

Politics

Philosophy & Religion

Miscellaneous

Tools & Projects


Blog Archives