26 May 08
You're not on the (white)list, you can't come in
Posted by Munir Kotadia @ 16:54 7 comments
At this year's AusCERT conference, whitelists were a hot topic - but is anyone going to use them?
Whitelists, which stop unknown and unwanted applications from executing on corporate networks, work in the opposite way to our current blacklist-based computing model. Under blacklists, any application can run unless it's been nominated to be blocked.
Whitelists provide better protection than blacklists by stopping unknown applications - and therefore malware - by default.
Whitelisting: The future of corporate security?
One problem with whitelisting though is that, as with any security measure, it compromises flexibility and functionality in favour of safety. However, with the present state of the IT industry, a little less flexibility will have a positive effect.
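To make the difference between the two models concrete, here is a small added example (not code from the original post or from any product mentioned in it). It hashes a handful of constructed stand-in "executables" and runs the same inventory through a default-allow blacklist and a default-deny whitelist; all file names, contents and hashes are constructed for the example. It also models the flexibility cost described above: a legitimate new tool is blocked under the whitelist until someone approves it.

```python
import hashlib
from typing import Callable, Dict, Literal, Set

Decision = Literal["allow", "block"]

# Constructed sample "executables": file name -> file content.
# A real enforcement agent would hash the on-disk binary; short byte
# strings stand in for binaries here so the example runs offline.
SAMPLE_FILES: Dict[str, bytes] = {
    "word.exe":      b"MZ-constructed-office-suite",
    "backup.exe":    b"MZ-constructed-backup-agent",
    "known_bad.exe": b"MZ-constructed-malware-v1",   # already on the blacklist
    "variant.exe":   b"MZ-constructed-malware-v2",   # repacked, never seen before
    "newtool.exe":   b"MZ-constructed-new-utility",  # legitimate, not yet approved
}


def sha256(data: bytes) -> str:
    """Content hash used as the identity of an executable."""
    return hashlib.sha256(data).hexdigest()


# Blacklist model: everything runs unless it has been nominated for blocking.
BLOCKED: Set[str] = {sha256(SAMPLE_FILES["known_bad.exe"])}

# Whitelist model: nothing runs unless it has been explicitly approved.
APPROVED: Set[str] = {
    sha256(SAMPLE_FILES["word.exe"]),
    sha256(SAMPLE_FILES["backup.exe"]),
}


def blacklist_decision(digest: str) -> Decision:
    """Default-allow: only known-bad hashes are stopped."""
    return "block" if digest in BLOCKED else "allow"


def whitelist_decision(digest: str) -> Decision:
    """Default-deny: unknown hashes (malware or not) are stopped."""
    return "allow" if digest in APPROVED else "block"


def evaluate(policy: Callable[[str], Decision]) -> Dict[str, Decision]:
    """Apply one policy to every file in the constructed inventory."""
    return {name: policy(sha256(content)) for name, content in SAMPLE_FILES.items()}


def compare() -> Dict[str, Dict[str, Decision]]:
    """Run the inventory through both models side by side."""
    return {
        "blacklist": evaluate(blacklist_decision),
        "whitelist": evaluate(whitelist_decision),
    }


def approve(name: str) -> Decision:
    """Model the helpdesk step: an administrator approves a reviewed file,
    after which the whitelist lets it run. Returns the new decision."""
    APPROVED.add(sha256(SAMPLE_FILES[name]))
    return whitelist_decision(sha256(SAMPLE_FILES[name]))


if __name__ == "__main__":
    for model, decisions in compare().items():
        print(model)
        for name, decision in decisions.items():
            print(f"  {name:<14} {decision}")
    print("after approval, newtool.exe:", approve("newtool.exe"))
```

The unseen malware variant is the case the post is about: the blacklist lets it run because nobody has nominated it yet, while the whitelist blocks it without needing to know anything about it. The same mechanism blocks newtool.exe until approve() is called, which is the loss of flexibility the text concedes.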
I asked James Stewart, chief security officer at Cisco if the whitelisting approach was too inflexible for today's enterprise. He didn't think so and went as far as saying the technology was vital: "I'm not sure we can get to the place of feeling confident in our infrastructure without whitelisting."
AusCERT's general manager Graham Ingram also believes whitelists are the way forward: "I think [whitelists] are a natural progression. Blacklisting only had a limited life and we are getting to the end of that."
We have to face it. Desktop security is broken - it has been ever since computers were no longer confined to large, well-guarded buildings. Back then, there was no way of processing data (good or bad) unless someone fed a computer with punch cards, which is a far cry from the connected Web 2.0 world - and yet we still use the same basic architecture.
If we are serious about fixing security then let's embrace whitelists and move on.
While security experts appear to be in favour of whitelisting, I'm curious to know what ZDNet.com.au readers think of it and when, if at all, you plan on implementing the technology. Take part in our reader poll and leave your feedback below.
Whitelisting makes a lot of sense, but IT departments already too easily earn a reputation for being over-authoritative, slow to respond and not supportive of changing business IT needs.
Imagine if every user had to contact IT and get every little new program whitelisted - including interactive web applications where a lot of malware is hidden. Very soon the users will plain get fed up at best. At worst, the company would be burdened with a larger helpdesk organisation and the knowledge that it is slowing down the pace of business by locking down things that can or cannot be done at the desktop.
Is this a matter of security vs agility?