The container runs a local host server for use in a browser and is untrusted for development reasons. It needs to be treated as an advanced black hat. Its primary goal is recon and sending critical information via advanced connectionless protocols of unknown type. While extremely unlikely, it should be assumed to have access to proprietary systems and keys such as Intel ME and a UEFI shim of some sort. It may also use an otherwise trusted connection such as common git host, CDN, or DNS to communicate. It tries to access everything possible, key logger, desktop GUI, kernel logs, everything.

What is the Occam’s Razor of solutions that best fit the constraints in your opinion? Other than the current solution of air gap.

  • N.E.P.T.R@lemmy.blahaj.zoneEnglish
    2·
    5 hours ago

    I guess I just don’t understand your question. Explain in more detail.

    1. Who is the threat actor? (State, APT, Hackivist, etc)
    2. What is their goal (what do they want)? (Money, data, persistent access, blackmail)
    3. What tools do they have?

    Really think about the Ws (who, what, where, when, how).

    If you want to protect against an “advanced” threat actor, you can not do that without multiple layers of isolation, including but not limited to virtualization, MAC (SELinux), namespaces, seccomp.

    All protections are meaningless without a clear understanding of what assets you are protecting, the threat you face, and they want from you.