Forgot your password?
typodupeerror
Security Operating Systems Software

Is Whitelisting the Answer To the Rise In Data Breaches? 195

Posted by timothy
from the none-shall-pass dept.
MojoKid writes "It doesn't take a rocket scientist to figure out that cyber criminals are quickly getting more sophisticated than current security, intrusion detection and prevention technology can defend against. And you have to wonder if the computer security industry as a whole is willing to take the disruptive measures required to address the issue head-on. One way to tackle the surging data breach epidemic is with a technology called "whitelisting." It's not going to sound too sexy to the average end user and frankly, even CIOs may find it unfashionable but in short, whitelisting is a method of locking-down a machine such that only trusted executables, DLLs and other necessary system and application components are allowed to run – everything else is denied. A few start-up security companies are beginning to appear in this space. The idea is to start with a known, clean system installation and then lock it down in that state so absolutely nothing can be changed. If you follow system security, regardless of your opinion on the concept of whitelisting, it's pretty clear the traditional conventions of AV, anti-malware, intrusion detection and prevention are no longer working."
This discussion has been archived. No new comments can be posted.

Is Whitelisting the Answer To the Rise In Data Breaches?

Comments Filter:
  • by Anonymous Coward on Sunday February 09, 2014 @05:30AM (#46201291)
    It's too expensive. If you operate in a Windows environment then you have to use Windows Enterprise to access the functionality (which is expensive) and since code-signing certs are expensive not many devs (including driver devs) use them, meaning, you have to go back to file hashes for individual versions for files that aren't signed. We use these mechanism at my work for high risk workstations and the workload of maintaining them is quite tedious. We just aren't there yet as an industry.
  • Already Possible (Score:5, Interesting)

    by EmperorArthur (1113223) on Sunday February 09, 2014 @05:41AM (#46201329)

    Newer versions of Linux can already do this. Using the integrity measurement architecture, module signing, and Secure Boot it's possible to have a system where almost any change is detected. I'm currently trying to get it all working on my machine right now, but it's slow going. Here's hoping that distros start shipping with this set up by default. http://lwn.net/Articles/488906... [lwn.net]

    A shorter term security measure that more users/Distributions should take is making the root partition read only. I know Android already does this, but it really does help. Something that I would really like to see is an easy to use per application firewall. Cgroups mean that I don't even have to worry about it just spawning a child process. Yes, I want to play this game in wine. No, I don't want it to access the internet. No, wine refuses to run it as a different user, much less one with lower privileges.

  • Re:Better idea (Score:4, Interesting)

    by Tom (822) on Sunday February 09, 2014 @06:37AM (#46201511) Homepage Journal

    Because their productivity will higher with a computer, even a restricted one, than pen-and-paper. And if you are talking typical office workers, you would be surprised how few applications they actually need. Most of the office workers in the world spend 99% of their time in

    • an office suite
    • a mail program
    • a browser
    • a single-digit number of job-specific applications (e.g. the accounting software)
    • and maybe a single-digit number of company-specific applications (e.g. the time registration app or the intra-company chat software, etc.)
  • Re:Do it in ROM (Score:5, Interesting)

    by donaldm (919619) on Sunday February 09, 2014 @07:42AM (#46201711)
    You should always set-up your file-systems in such a way that the OS part is completely separate from user data such that it should be a simple matter to recover or even install and update just the system file-systems. Unix and now Linux has always recommenced this type of layout although you can even do something like this for Microsoft Windows.

    I have Fedora 20 running on my PC's and I make sure I document my system layout, application requirements, customisations and of course my security files which I save. If on the off my system gets compromised I can easily 1) Do a system recovery or 2) Do a fresh install and update without compromising my /home or archive data.

    The fresh install takes me approximately 1 hour then 15 minutes for customisations then about 1 hour for the update although during this time I can fully use the machine. It must be noted that a recovery from backup would most likely take me about 20 minutes for 10 GB to be recovered (over 2000 packages), however if you have been compromised it is usually safer to do a fresh install.

    It is possible to have a read-only system file-system for a Unix/Linux but this would be a stupid idea since you have /var which contain logs and update information that is required to be read/write. Even / (/ and /usr) needs read/write on occasion. The same is true for a Microsoft OS. The best you can do is have a tested disaster recovery plan and surprisingly it need not be that elaborate but you do need to cover most what if's.
  • by hairyfeet (841228) <bassbeast1968@gm[ ].com ['ail' in gap]> on Sunday February 09, 2014 @07:54AM (#46201741) Journal

    Oh please do you REALLY think that is the cause of Windows infections?

    I got news for ya pal, I fix the systems that get pwned 6 days a week and I can tell ya that hasn't been even a major, much less main, source of infections since 2004 or so. How do Windows systems get infected? The same way this page shows you how to infect a Linux system in just 5 steps [geekzone.co.nz] through good old fashioned social engineering. Here are the top sources of infections I see at the shop, I see these constantly..

    1.- "You want to see teh hot lesbos? Just run 'Iz_Not_Viruz_Iz_Codex' to see teh hot lesbos today!" 2.- Hi, this is your (insert name of person they know whose system has been pwned) and I found something really cool! Just click this link (which goes to a page full of drive bys) to check it out!" 3.-ZOMFG u got teh viruz! Just run 'Iz_Not_Viruz_Iz_Cleanerz' to get rid of it ZOMFG!" 4.- "You are teh winrar of our contest! Just give us all your info on this page (so we can pull an ID theft while infecting you with drivebys) so you can get your prize u lucky dog!"

    These work on ANY system because they target the weakest point, THE USER. As a matter of fact I've been seeing a sharp rise in infected Android smartphones and ID thefts from that last one. It seems that folks just can't equate one system to another so all those scams that haven't worked on a PC in a decade? Work great on a smartphone. Its endless September all over again. BTW please note that in NONE of those, nor in the Linux example does the OS matter because the weak spot hasn't been the OS in ages, the easy target has been and always will be the users.

The shortest distance between two points is under construction. -- Noelie Alito

Working...