Whitelist - Application White Listing

- 00.58

Deploying application whitelisting? NIST has some advice for you
photo src: www.mis-asia.com

A whitelist is a list or register of entities that provide a particular privilege, service, mobility, access or recognition. Entities on the list will be accepted, approved and/or recognized. Whitelisting is the reverse of blacklisting, the practice of identifying entities that are denied, unrecognised, or ostracised.


Application Whitelisting Overview - YouTube
photo src: www.youtube.com


Maps, Directions, and Place Reviews



Email whitelists

Spam filters that come with email clients have both whitelists and blacklists of senders and keywords to look for in emails. If a spam filter keeps a whitelist, mail from the listed email addresses, domains, and/or IP address will always be allowed.

Typically, a user has to manually add the sender or the sender's address to a list of "approved" or "safe senders" within his or her email client for an address to be whitelisted, which is a different process in various email clients.

Some Internet service providers have whitelists that they use to filter email to be delivered to their customers.

If a whitelist is exclusive, only email from entities on the whitelist will get through. If it is not exclusive, it prevents email from being deleted or sent to the junk mail folder by the spam filter. Usually, only end-users would set a spam filter to delete all emails from sources not on the whitelist, not Internet service providers or email services.

Using whitelists and blacklists can assist in blocking unwanted messages and allowing wanted messages to get through, but they are not perfect. Email whitelists are used to reduce the incidence of false positives, often based on the assumption that most legitimate mail will be from a relatively small and fixed set of senders. To block a high percentage of spam, email filters have to be continuously updated as email spam senders create new email addresses to email from or new keywords to use in their email which allows the email to slip through.

Amazon.com uses whitelists to limit access to its Kindle e-reader devices. Besides Amazon itself, only e-mail addresses whitelisted by the device's registered owner can send content ("personal documents") to that device.

Non-commercial whitelists

Non-commercial whitelists are operated by various non-profit organisations, ISPs and others interested in blocking spam. Rather than paying fees the sender must pass a series of tests; for example, his email server must not be an open relay and have a static IP address. The operator of the whitelist may remove a server from the list if complaints are received.

Commercial whitelists

Commercial whitelists are a system by which an Internet service provider allows someone to bypass spam filters when sending email messages to its subscribers, in return for a pre-paid fee, either an annual or a per-message fee. A sender can then be more confident that his messages have reached their recipients without being blocked, or having links or images stripped out of them, by spam filters. The purpose of commercial whitelists is to allow companies to reliably reach their customers by email.

Commercial providers include Return Path Certification, eco's Certified Senders Alliance, and the Spamhaus Whitelist.

One of the most well-publicized and controversial commercial whitelists services at present is CertifiedEmail by Goodmail Systems, which has made headlines since February 2006 when AOL and Yahoo announced plans to implement it. AOL has stated that mail from senders who qualified as legitimate senders and who have prepaid 0.10 cents per message will be delivered directly to users' mailboxes without being subject to spam filters. AOL has announced that it will pay the fee for non-profits. The messages will be clearly identified to the user as having come from a trusted source. These senders must pass a system of accreditation with Goodmail, and their messages must only be sent to people who have a pre-existing business relationship with the sender. If a sender sends a message to a user who has not previously agreed to receive it, AOL may entirely block the sender.

AOL asserts that free email on AOL's service will continue to work as it always has, and a user will continue to receive all messages from a sender whom he has whitelisted. AOL subscribers will not be charged for sending or receiving email, and senders who do not prepay AOL will have their messages subject to the same spam filters as before.

MoveOn organized a protest of AOL's use of commercial whitelists. It characterizes the program as an "email tax", and claims that AOL is giving spammers a direct route into users' mailboxes, while attempting to move more people to paid email by causing a larger amount of legitimate unpaid email to be rejected by the spam filters.

CertifiedEmail has been adopted by seven of the top 10 ISPs in the USA: AOL, AT&T, Comcast, Cox, Road Runner, Verizon, and Yahoo.

According to Comcast, Goodmail has ceased operations and as of February 4, 2011 Comcast will no longer use the service.


Application White Listing Video



Advertising Whitelists

A common form of whitelisting has emerged through internet advertisements and ad-blockers. Many websites rely on ads as a source of revenue. A famous example of requiring an advertisement whitelist is be Forbes. When clicking on an article from Forbes, if an ad-blocker is enabled on the browser, they require it to be disabled. In other words, Forbes requires readers to whitelist them via ad-blockers.


Automated Application Whitelisting for Google Apps
photo src: www.bettercloud.com


LAN whitelists

Another use for whitelists is local area network (LAN) security. Many network admins set up MAC address whitelists, or a MAC address filter, to control who is allowed on their networks. This is used when encryption is not a practical solution or in tandem with encryption. However, it's sometimes ineffective because a MAC address can be faked.

Some firewalls can be configured to only allow data-traffic from/ to certain (ranges of) IP-addresses.


AppSamvid - An Application Whitelisting Software
photo src: cdac.in


Program whitelists

If an organization keeps a whitelist of software, only titles on the list will be accepted for use. The benefits of whitelisting in this instance are that the organization can ensure itself that users will not be able to download and/or use programs that have not been deemed appropriate for use.


Application Whitelisting & Control Keeps Your PCs Safe
photo src: www.secureaplus.com


Application whitelists

An emerging approach in combating viruses and malware is to whitelist software which is considered safe to run, blocking all others. The approach was first implemented in a modern operating system by Dr. John Harrison, an American computer scientist. Some deem this superior to the standard signature-based, anti-virus approach of blocking/removing known harmful software (essentially blacklisting), as the standard approach generally means that exploits are already in the wild. Leading providers of application whitelisting technology include Bit9, McAfee, and Lumension.

These products may provide administrative control over program whitelists in addition to preventing introduction of new malware.

Among Unix Operating system variants, HP-UX has introduced a feature called "HP-UX Whitelisting" on 11iv3 version. HP-UX Whitelisting (WLI) offers file and system resource protection based on RSA encryption technology. WLI is complementary to the traditional UNIX discretionary access controls (DAC) based on user, group, and file permissions. The more granular DAC access control list (ACL) permissions available on VxFS and HFS file systems are likewise not affected.

Among Windows Operating systems, Microsoft has introduced a new feature in Windows 7 and Windows Server 2008 R2 called "Windows AppLocker". Windows AppLocker allows administrators to control which executable files are denied or allowed to execute. With AppLocker, administrators are able to create rules based on file names, publishers or file location that will allow certain files to execute. Rules can apply to individuals or groups. Policies are used to group users into different enforcement levels. For example, some users can be added to report only policy that will allow administrators to understand the impact before moving that user to a higher enforcement level.

However, application level whitelisting is still vulnerable to a variety of attacks including those that make use of PowerShell or cross site scripting to launch scripts or inject malicious .DLLs onto an endpoint. Lower level whitelisting approaches that can monitor the specific processes and API calls are the deepest and strongest whitelist based cybersecurity solutions available today.

Source of the article : Wikipedia



EmoticonEmoticon

 

Start typing and press Enter to search