sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0

Can sandboxie-plus work alike air gap? thx #4026

Closed ccchan234 closed 1 week ago

ccchan234 commented 1 week ago

Is your feature request related to a problem or use case?

I don't trust governments, nor Microsoft. I could trust open source solutions.

The safest way for me (except if targeted by the CIA or KGB) would be to use an air-gapped Win10.

However, in this era it's really almost impossible to stay so. I am a student; I need online LLMs for help in my studies, and need Google for answers to questions, and maybe some photos/charts to help in my studies.

Currently I just put them into a Sandboxie data-protected box, and use simplewall as the firewall (I have used it for a long time).

Would like to hear other setups.

Thank you.

Describe the solution you'd like

The SOCKS5 proxy in development may help in other ways?

Or have some control over the network?

Describe alternatives you've considered

Completely unplug the LAN cable.

love-code-yeyixiao commented 1 week ago

In my mind, I only know air gapped is about disconnecting from the Internet. So what solution do you want?

ccchan234 commented 1 week ago

> In my mind, I only know air gapped is about disconnecting from the Internet. So what solution do you want?

Could you google "virtual air gap" on your own? Thank you.

love-code-yeyixiao commented 1 week ago

> virtual air gap

In my search results, the principle of this technique is only disconnection. So you could also do it by unplugging the network cable. You didn't say what you want: disconnecting globally or only for sandboxed processes?

ccchan234 commented 1 week ago

> virtual air gap
>
> In my search results, the principle of this technique is only disconnection. So you could also do it by unplugging the network cable. You didn't say what you want: disconnecting globally or only for sandboxed processes?

Unplugging the LAN cable is too tough for people, so there are some solutions for an online system that somehow make it harder for spyware to send back user data.

The spyware needs data + internet access for its work.

So in your online system, if you remove one from the spyware, then it works like an air gap, i.e. a "virtual air gap".

Currently Sandboxie-Plus with box data protection works like this.

SBP also has a built-in firewall (however, since I used to use simplewall, I keep on using simplewall).

I am just asking if there will be more sophisticated functions, because those commercial solutions may provide more.

Some commercial ones are like: Ericom Software, https://www.ericom.com › Glossary: "Virtual Air Gaps: Employs virtualization to isolate systems within the same physical hardware. Though connected, these virtual instances are shielded from each .."

SBP is a container, I think.

ccchan234 commented 1 week ago

I am thinking about whether the proxy function could help in some way. I can't test it, so I don't have any idea how it works in SBP yet. Let's see. Thanks.

love-code-yeyixiao commented 1 week ago

What I can be sure of is that the proxy doesn't help with this. Have you tried Encryption Box?

ccchan234 commented 1 week ago

> What I can be sure of is that the proxy doesn't help with this. Have you tried Encryption Box?

I think the proxy could help:

image

Suppose under an OpenWrt router, which is FOSS and trustable, there is a Linux SOCKS5 proxy server (trustable). The Win10 IP 192.168.8.3 is blocked from the internet in OpenWrt, but allowed on the local LAN.

So programs in the Win10 itself will try to access the internet through 192.168.8.1, and will be blocked.

However, with the Sandboxie adv cert, which I don't have now, I believe it asks for a SOCKS5 proxy server, username and password, and the programs inside the Sandboxie could route through IP .8.3 into .8.2 and then go to the internet.

Depending on how well Sandboxie protects the SOCKS5 username and password: if spyware on the Win10 host with admin rights still COULD not obtain the proxy username and password, then the system is practically air gapped (for the host Win10) but still allows web browsing.

True LAN cable unplugging with no internet access is too tough for today's life, so fake air gap systems that allow web browsing, but with some mechanism to prevent spyware from sending data back, are one way.

Indeed one could have 1 PC that is completely unplugged, and one that allows web browsing in this way.
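
Added example, not part of the thread and not Sandboxie code: a Python check, run on the Windows host outside any sandbox, of the two properties the layout in the comment above relies on. These are that the host has no direct route out, and that the SOCKS5 proxy rejects clients that offer no credentials. The proxy port 1080 and the outside test address 1.1.1.1:443 are assumptions; 192.168.8.2 is taken from the comment.

```python
"""Added example: check the two properties the proxy design depends on."""
import socket

NO_AUTH, USER_PASS, NO_ACCEPTABLE = 0x00, 0x02, 0xFF  # RFC 1928 method codes

def greeting(methods):
    """SOCKS5 client greeting: VER=5, NMETHODS, METHODS..."""
    return bytes([0x05, len(methods), *methods])

def classify_reply(reply):
    """Interpret the proxy's 2-byte method-selection reply (VER, METHOD)."""
    if len(reply) != 2 or reply[0] != 0x05:
        return "not-socks5"
    return {NO_AUTH: "open", USER_PASS: "auth-required",
            NO_ACCEPTABLE: "refused"}.get(reply[1], "other-method")

def probe_proxy(host, port, methods, timeout=3.0):
    """Offer only `methods` and report which one the proxy selects."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(greeting(methods))
            return classify_reply(s.recv(2))
    except OSError:
        return "unreachable"

def direct_egress_blocked(host, port, timeout=3.0):
    """True if a plain TCP connection from this machine cannot be opened."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return False
    except OSError:
        return True

def check_setup(proxy, outside):
    """Collect all three observations for one proxy and one outside address."""
    return {
        "direct_egress_blocked": direct_egress_blocked(*outside),
        # "open" here means any host process can use the proxy without a password
        "proxy_no_auth_offer": probe_proxy(*proxy, (NO_AUTH,)),
        "proxy_userpass_offer": probe_proxy(*proxy, (USER_PASS,)),
    }

if __name__ == "__main__":
    # Assumed values: proxy on 192.168.8.2 port 1080; 1.1.1.1:443 as an outside host.
    for name, result in check_setup(("192.168.8.2", 1080), ("1.1.1.1", 443)).items():
        print(f"{name}: {result}")
```

The layout behaves as described only when `direct_egress_blocked` is `True`, the no-auth offer comes back `refused`, and the username/password offer comes back `auth-required`; an `open` result means the proxy is usable by any process on the host regardless of how Sandboxie stores the credentials.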

ccchan234 commented 1 week ago

This is another setup I am thinking of. The problem for the Win10 host is that

  1. it may want M$ update,
  2. WeChat voice chat + recorder may need direct access and can't go under Sandboxie.
  3. I use the Google Drive client to upload/download huge files, e.g. 750GB/day

image

SBP and/or the containers could be put onto an external USB drive, all with box-DP. The lowest thus doesn't have access to data and could be used for dangerous software. The middle one has internet access removed and could be used for e.g. Notepad. The top one is used only for trustable software, as they have both internet and access to your data.

Then the only problem, as mentioned above, is how to deal with the Win10 system on drive C.

I could use Shadow Defender for that but it would be troublesome.

PS: simplewall is used to block the host Win10's internet access if needed.