[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] NSA's whitelisting approach economically blocks computer viruses



http://www.nextgov.com/nextgov/ng_20120210_8712.php

By Aliya Sternstein
Nextgov
02/10/2012

Military computers soon will be configured to execute only administrator-approved software applications in certain areas of a computer, Pentagon officials told Nextgov. The Defense Department's unique version of the "application whitelisting" approach focuses on where downloads are allowed to launch in a system. It is intended to be a relatively inexpensive protection against downloads that antivirus programs fail to flag as threats.

"You can download it, but you can't install it," said Paul Bartock, a technical director for the Information Assurance Directorate at the Pentagon's National Security Agency, who helped develop the economical technique.

One weakness with even the best antivirus programs is they blacklist software only after it has been diagnosed as malicious. Unknown worms can't be blocked. And hackers continuously tweak their code so it remains unknown.

However, NSA's approach in essence blocks every application from executing until a network administrator has approved, or whitelisted, it. Whitelisting is a recommended best practice, but Defense and industry have lagged in adoption because of the staffing involved in adding and removing applications from the list, NSA officials said.

[...]


______________________________________________________________________________
Certified Ethical Hacker and CISSP training with Expanding Security gives
the best training and support.
Get a free live class invite weekly.  Best program, best price.
www.ExpandingSecurity.com/PainPill