Isolating Windows Applications

From: Juan José Sánchez Mesa (juanjo.listas@dobleJ.net)
Date: 04/07/03

  • Next message: Brian W. Spolarich: "RE: SUS server" 
    Date: Mon, 07 Apr 2003 19:52:04 +0200
To: focus-ms@securityfocus.com
From: Juan José Sánchez Mesa <juanjo.listas@dobleJ.net>

    (sorry for my bad enlish)

    A client wants to run an application in one of our internet server. The
    application is made by themselves. It's a console application which listen
    in one tcp/ip port for conections from a client application.

    We want to protect our server, isolating the application so it can't access
    critical files, the registry, listen on more than one tcp/ip port (only in
    which is designated to listen), etc ... And if it's possible, protect the
    server if the application crash. The server is a Windows 2000 Server (SP3).

    Anyone knows a program that isolate other programs in this way ? It's
    possible do this using a user with low privileges and running the
    applicaction as this user ?

    Ideas, tricks ... ???

    Thanks for the replies.

    <b>
    ----------------------------------------------------------------------
    Block Spam, Smut & Viruses
    SurfControl E-mail Filter for SMTP & Exchange leverages multiple layers of
    technology including filtering embedded and attached file content. Rid your
    enterprise of unwanted content.
    http://www.securityfocus.com/SurfControl-focus-ms2
    Download your free fully functional trial, complete with 30-days of free
    technical support.
    ----------------------------------------------------------------------
    </b>

  • Next message: Brian W. Spolarich: "RE: SUS server"

    Relevant Pages

    • Re: What doesnt lend itself to OO?
      ... >> proxy and instructs the server to constuct the real object. ... rather than client code. ... If 'clock' is instantiated in the server, ... > for the server interface at the OOA level. ...
      (comp.object)
    • This is going straight to the pool room
      ... or not the client has privilege to do what they're trying to do, ... The server environment is this: ... 3GL User action Routines that Tier3 will execute on your behalf during the ... Routine Name: USER_INIT ...
      (comp.os.vms)
    • [Full-Disclosure] R: Full-Disclosure Digest, Vol 3, Issue 42
      ... Full-Disclosure Digest, Vol 3, Issue 42 ... SD Server 4.0.70 Directory Traversal Bug ... Arkeia Network Backup Client Remote Access ...
      (Full-Disclosure)
    • Re: What doesnt lend itself to OO?
      ... > rather than client code. ... no way to do that without also touching the object with clock semantics ... will not encapsulate both clock semantics and network semantics. ... The server can do whatever it wants ...
      (comp.object)
    • RE: Fax monitor incoming + outgoing calls?
      ... problem between the client computer and the SBS server. ... Client is using the internal IP address of the SBS server as the ... To the folder redirection GPO issue: ...
      (microsoft.public.windows.server.sbs)