Article 4WKA9 Replacement for Sirrix' "Browser in the Box"

by joe_2000 from LinuxQuestions.org on (#4WKA9)

I am looking for a replacement for Sirrix' Browser in the Box commercial edition.
The key feature I am after is being able to give users in a mostly airgapped environment a browser that is reasonably isolated from the OS with a centralized infrastructure that provides a certain degree of protection against user mistakes even when said users have administrative privileges on their local system.

E.g. my initial idea of starting the browser in a very restrictive firejail profile as a separate user and only allow this separate user to connect to the internet using user-based iptables rules does not meet the requirement because a user with local administrative privileges could mess with the local iptables rules.

In the context of the above I'd be interested in hearing your thoughts on the following concept.

Set up a separate (virtual) machine in a separate DMZ-vlan that has internet connectivity.
Only allow http / https traffic to wan via iptables on this machine.
Give the users ssh access (but not root access) to this machine and disallow password authentication.
Restrict the keys to a command that runs a browser.

This way the users could start a browser on this machine using X11 forwarding. Whatever they do would only affect the machine the browser sits on but not their own machines.

Optionally, the allowed command could be extended using a wrapper script to allow the users to access the Downloads-folder via ssh. (This would be the equivalent to "allowing downloads" using Browser in the Box)

Am I overlooking anything that would make the above concept less secure than the "Browser in the Box"?

If anyone has different concept ideas or improvement ideas for the above concept I would also be interested.
External Content
Source RSS or Atom Feed
Feed Location https://feeds.feedburner.com/linuxquestions/latest
Feed Title LinuxQuestions.org
Feed Link https://www.linuxquestions.org/questions/
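
The key restriction and wrapper script described in the post, sketched as an added example that is not part of the original post. The install path, the `list` and `get` verbs, the default browser and the `DOWNLOAD_DIR`/`BROWSER_CMD` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Hypothetical install path: /usr/local/bin/browser-wrapper
# authorized_keys entry on the DMZ machine (one per user key):
#   restrict,X11-forwarding,command="/usr/local/bin/browser-wrapper" ssh-ed25519 <public-key> <comment>
# "restrict" disables pty, port and agent forwarding; X11 is re-enabled explicitly.
# Client side: ssh -X host (browser) | ssh host list | ssh host 'get file.pdf' > file.pdf

DOWNLOAD_DIR="${DOWNLOAD_DIR:-$HOME/Downloads}"
BROWSER="${BROWSER_CMD:-firefox}"   # assumption: any X11 browser works here

# valid_name NAME: accept a bare file name only (no path parts, no dotfiles,
# no characters outside a conservative whitelist).
valid_name() {
    case "$1" in
        ''|.*)             return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# decide REQUEST: map whatever the client asked for to one action word.
# sshd passes the client's requested command in SSH_ORIGINAL_COMMAND.
decide() {
    case "$1" in
        '')      echo browser ;;
        list)    echo list ;;
        'get '*) if valid_name "${1#get }"; then echo get; else echo deny; fi ;;
        *)       echo deny ;;
    esac
}

main() {
    request="${SSH_ORIGINAL_COMMAND:-}"
    case "$(decide "$request")" in
        browser) exec "$BROWSER" ;;
        list)    ls -1 -- "$DOWNLOAD_DIR" ;;
        get)     f="$DOWNLOAD_DIR/${request#get }"
                 # Refuse symlinks so a "download" cannot point outside the folder.
                 if [ -f "$f" ] && [ ! -L "$f" ]; then cat -- "$f"
                 else echo "no such file" >&2; exit 1; fi ;;
        *)       echo "command not permitted" >&2; exit 1 ;;
    esac
}

# sshd sets SSH_CONNECTION for every session; nothing runs without it.
if [ -n "${SSH_CONNECTION:-}" ]; then main; fi
```

The wrapper only narrows what the key can do; the file itself and the users' `authorized_keys` must be owned by root and not writable by the browsing accounts, otherwise the restriction can be edited away.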