Sandbox based Internet isolation in a trusted network

What is claimed: 1. A networked computer system comprising: a trusted local area network (LAN), and at least one host computer system configured to connect to the trusted local area network (LAN), wherein the host computer system comprises a processor and a memory configured to implement at least: a trusted operating system that comprises a set of resources configured to enable operation of a workspace and a sandboxed computing environment; a first memory space that is configured to enable storage and operation of the workspace configured to execute a first set of one or more applications and processes; a second memory space that is configured to enable storage and operation of a second set of one or more applications and processes associated with the sandboxed computing environment, and wherein the second set of one or more applications and processes comprises a browser process configured to operate within the sandboxed computing environment; a sandbox container process, as a part of the trusted operating system, that enforces the sandboxed computing environment, wherein the sandbox container process segregates the workspace associated with the first memory space from the sandboxed computing environment associated with the second memory space, wherein the sandbox container process is configured to prevent data from being communicated between the sandboxed computing environment and the workspace without an explicit user input; and a first firewall configured to operate between the workspace of the first memory space and the trusted LAN, wherein the first firewall is configured to prevent unauthorized communication between the first set of one or more applications and processes executing within the workspace and one or more other devices on the trusted LAN. 2. The networked computer system of claim 1 , wherein the sandboxed computing environment is configured to classify a network destination as trusted or untrusted based on one or more of a whitelist comprising a list of trusted network destinations or a blacklist comprising a list of untrusted network destinations. 3. The networked computer system of claim 2 , wherein the trusted network destinations are accessed via one or more of the first set of one or more applications and processes associated with the workspace, and the untrusted network destinations are accessed via one or more of the second set of one or more applications and processes associated with the sandboxed computing environment. 4. The networked computer system of claim 3 , wherein at least one untrusted network destination is located on the Internet and is accessed via the browser process configured to operate within the sandboxed computing environment. 5. The networked computer system of claim 1 , wherein the sandbox container process comprises a second firewall, and the second firewall enforces a separation of the first and second memory spaces by: segregating storage memory associated with the workspace and the sandboxed computing environment; and allowing a predefined set of processes to be executed with the sandboxed computing environment, wherein the second firewall prevents execution within the sandboxed computing environment of any processes outside of the predefined set of processes. 6. The networked computer system of claim 5 , wherein the second firewall is configured such that the explicit user input allows one or more of a cut or copy of data, a paste of data, a printing of data to a local printer, or a file transfer to occur such that data is allowed to pass between the sandboxed computing environment and the workspace. 7. The networked computer system of claim 1 , wherein the first memory space is configured to store a known good version of the sandbox container process, and one or more of the first set of one or more applications and processes are allowed to restore the sandbox container process to the known good version. 8. The networked computer system of claim 7 , wherein the workspace comprises at least one host monitoring process configured to monitor the sandbox container process, wherein the at least one host monitoring process is configured to restore the sandbox container process to the known good version based on one or more of a user input, an application input, detection of an abnormality in the sandbox container process, or expiration of a predefined time. 9. The networked computer system of claim 1 , wherein the host computer system is configured to: store a restore point of the sandboxed computing environment, wherein the restore point is associated with a configuration of the sandboxed computing environment; detect anomalous behavior within the sandboxed computing environment; and restore, based on detection of the anomalous behavior, the sandboxed computing environment to the restore point. 10. The networked computer system of claim 1 , further comprising a proxy/web-content server, wherein the sandbox container process is configured to authenticate with the proxy/web-content server on behalf of the browser process using credentials stored in a configuration file of the sandbox container process, wherein after authentication the browser process is allowed to access untrusted resources via the proxy/web-content server, and wherein each of a plurality of host computer systems comprised in the trusted LAN access untrusted resources via the proxy/web-content server, resulting in a decrease in total traffic monitored on the trusted LAN. 11. The networked computer system of claim 1 , wherein the sandbox container process allows the workspace and the sandboxed computing environment to share access to the trusted operating system and the set of resources while enforcing the segregation of the first and second memory spaces. 12. A networked computer system comprising: a trusted local area network (LAN), a proxy server, an enterprise router, an enterprise firewall, and a plurality of host computer systems configured to connect to the LAN, wherein each of the plurality of host computer systems comprises a processor and memory configured to implement at least: a trusted operating system that comprises a set of resources configured to enable operation of a workspace and a sandboxed computing environment; a first memory space that is configured to enable storage and operation of the workspace configured to execute a first set of one or more applications and processes; a second memory space that is configured to enable storage and operation of a second set of one or more applications and processes associated with the sandboxed computing environment, and wherein the second set of one or more applications and processes comprise a browser process configured to operate within the sandboxed computing environment; a sandbox container process, as a part of the trusted operating system, that enforces the sandboxed computing environment wherein the sandbox container process segregates the workspace associated with the first memory space from the sandboxed computing environment associated with the second memory space, wherein the sandbox container process is configured to prevent data from being communicated between the sandboxed computing environment and the workspace without an explicit user input; and a first firewall configured to operate between the workspace of the first memory space and the trusted LAN, wherein the first firewall is configured to prevent unauthorized communication between the first set of one or more applications and processes executing within the workspace and one or more other devices on the trusted LAN. 13. The networked computer system of claim 12 , wherein the enterprise router is conf