backtop


Print 11 comment(s) - last by Francisbacon.. on Dec 30 at 6:42 AM


Whitelisting is essential for businesses, and a good idea for security-conscious home users, as well. After all, no one wants some shady character plugging foreign USB devices into their ports.  (Source: EcoBatteries)
Allowing untrusted devices on your system is a recipe for disaster

When it comes to internet security, the words of late German folklorist Walter Anderson come to mind:

We're never so vulnerable than when we trust someone - but paradoxically, if we cannot trust, neither can we find love or joy.

Likewise the words of the Greek philosopher and scientist Socrates are pertinent:

True wisdom comes to each of us when we realize how little we understand about life, ourselves, and the world around us.

To truly secure yourself on the internet you must first remember that their is no almighty, unbreakable secured system.  But you must also do what you can to defend your system against obvious attacks.

One of the best ways you can accomplish that goal is to employ device whitelisting technology.  By carefully administering your device whitelists, you can prevent unwanted external hardware -- USB drives, foreign disc media, or external hard drives -- from being connected to your system.

For knowledgeable users with a bit of time on their hands, this technology is available directly within Windows 7 or Windows Server 2008 R2.  Microsoft offers a useful tutorial here on its TechNet site.

For time-strapped users who might find it impractical to micromanage Windows profiles on single or groups of machines, security and business software vendors are increasingly offering whitelisting capabilities as part of their services package.

If you're not sure about whether or not this is a worthwhile endeavor for your business, consider this:

If it were not for a handful of burned CDs, the U.S. Army would never have allowed hundreds of thousands of classified SIPRNET documents to be illegally obtained a disgruntled private, Spc. Bradley Manning.  With proper precautions against unwanted media, the worst data leak in modern U.S. history could have been prevented. 

It's no wonder that the U.S. military is banning USB devices from its SIPRNET stations.  But a compelling question is -- why doesn't the military just use a whitelist to disallow anything but absolutely trusted devices?

If the idea hasn't been implemented it surely should.

And as for the business users of the world, you should be considering adopting strict device white lists too.  After all the web is hardly a warm and safe place.  It is filled by people who might try to steal your information for fun and profit, should they get the proper opportunity and motivations. 

Allowing uncontrolled hardware access, particularly of thumb drives, is essentially inviting any hacker, disgruntled employee, or would-be engineer to steal whatever secrets they can get at from a workstation.  Furthermore, it opens the door to them installing malicious programs, which can lead to far worse problems.

You can't operate digitally without trusting someone, but you have to be careful about who you trust.  That's the idea behind device whitelisting.

Editor's Note- This article is intended as a general discussion of an important IT/security topic, and by no means is meant as a comprehensive technical analysis of the state of whitelistingFeel free to chime in with your thoughts, analysis, or suggestions.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

In the words of Inigo Montoya
By MrTeal on 12/14/2010 4:28:36 PM , Rating: 3
quote:
You keep using that word. I do not think it means what you think it means.

pe·nul·ti·mate
/p?'n?lt?m?t/ [pi-nuhl-tuh-mit]
–adjective
1.
next to the last: the penultimate scene of the play.
2.
of or pertaining to a penult.

quote:
To truly secure yourself on the internet you must first remember that their is no penultimate secured system.
Used in this context, this would seem to mean that there is no second best or next to perfect secured system. Nitpicky I know, but this isn't a small grammar mistake or a simple misspelled word.




RE: In the words of Inigo Montoya
By SSDMaster on 12/15/2010 9:26:08 AM , Rating: 2
What difference does it make? No one reads that far into these articles anyway. I read the first paragraph until inundated by the ads as I highlighted the words to keep my mark. If I didn't use my mouse the mouse over ad's wouldn't be such an issue... but alas the tab button can only get you so far.


RE: In the words of Inigo Montoya
By MrTeal on 12/15/2010 10:02:04 AM , Rating: 2
Adblock Plus. It's a must for this site, like most others. It gets rid of the really annoying ones. The worst are the one that start talking to you when you mouse over them. Just awful.


RE: In the words of Inigo Montoya
By Warwulf on 12/24/2010 2:19:25 PM , Rating: 2
There are ads on this site?

Oh, right... Adblock.


RE: In the words of Inigo Montoya
By Fritzr on 12/22/2010 1:14:35 AM , Rating: 2
Given that ultimate is perfection which is a very unlikely state with a system engineered by humans, the best that can normally be done is penultimate security.

Though it is a little weird to the grammar nazis, this usage is probably more accurate than the 'correct' word when dealing with real life :D


By kattanna on 12/14/2010 12:36:09 PM , Rating: 5
no matter how secure you make a system, end users are always the weakest point.




By ZaethDekar on 12/14/2010 12:41:52 PM , Rating: 2
PEBKAC

ID10T Error

so on so forth.


just a thought..
By omnicronx on 12/15/2010 4:47:13 PM , Rating: 2
quote:
It's no wonder that the U.S. military is banning USB devices from its SIPRNET stations. But a compelling question is -- why doesn't the military just use a whitelist to disallow anything but absolutely trusted devices?

Couldn't someone just figure out how to spoof the system? For example if you add a certain USB device to your whitelist. What is stopping a skilled programmer from merely spoofing the disallowed device to appear as though it is allowed?

Whitelisting is hardly the answer either. While it would surely be a great step forward, its not going to stop those who really want access and have the knowledge to bypass any protections.




RE: just a thought..
By Lerianis on 12/16/2010 5:32:25 AM , Rating: 2
Agreed. Government and corporations just need to learn to be less secretive and more open with the American populace and their shareholders.

Not to say that SOME secrecy for corporations and government is not necessary, but our government takes it way too far and has taken it way too far for years.


Whitelisting
By EddyKilowatt on 12/15/2010 5:45:32 PM , Rating: 2
So, like the MAC address filter on my wifi? That's not too confidence-building.




Completely ridiculous
By Francisbacon on 12/30/2010 6:42:56 AM , Rating: 2
This website seems like an online tabloid newspaper simply parroting the views of the establishment / government. I am yet to see a worthwhile article on here, it's like Fox News online :(

Banning USB devices will have no impact at all on "leaked secrets". The only impact network admins can expect is a lot of complaints from users no longer able to use USB drives and a lot more work and expense in buying and setting up USB devices that users traditionally buy and maintain themselves.

Banning USB devices is irrelevant. If a user has access to sensitive material, this can be emailed, printed, screengrabbed or even written down with a pen and paper, the question is not whether you trust external devices, it's whether you trust the user.

Bradley Manning was a highly skilled hacker who simply used the easiest means to extract the information he wanted. He would have had no problem at all defeating a device whitelist. It's typical of large organisations like the US Army to react when their security policies are breached by "Beefing up" measures. The reality is no security system can ever keep a determined individual or group from gaining access.




“And I don't know why [Apple is] acting like it’s superior. I don't even get it. What are they trying to say?” -- Bill Gates on the Mac ads

















botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki