NSA's whitelisting approach economically blocks computer viruses

[InfoSec News <alerts () infosecnews org>]

http://www.nextgov.com/nextgov/ng_20120210_8712.php

By Aliya Sternstein
Nextgov
02/10/2012

Military computers soon will be configured to execute only 
administrator-approved software applications in certain areas of a 
computer, Pentagon officials told Nextgov. The Defense Department's 
unique version of the "application whitelisting" approach focuses on 
where downloads are allowed to launch in a system. It is intended to be 
a relatively inexpensive protection against downloads that antivirus 
programs fail to flag as threats.

"You can download it, but you can't install it," said Paul Bartock, a 
technical director for the Information Assurance Directorate at the 
Pentagon's National Security Agency, who helped develop the economical 
technique.

One weakness with even the best antivirus programs is they blacklist 
software only after it has been diagnosed as malicious. Unknown worms 
can't be blocked. And hackers continuously tweak their code so it 
remains unknown.

However, NSA's approach in essence blocks every application from 
executing until a network administrator has approved, or whitelisted, 
it. Whitelisting is a recommended best practice, but Defense and 
industry have lagged in adoption because of the staffing involved in 
adding and removing applications from the list, NSA officials said.

[...]


______________________________________________________________________________
Certified Ethical Hacker and CISSP training with Expanding Security gives
the best training and support.
Get a free live class invite weekly.  Best program, best price.
www.ExpandingSecurity.com/PainPill