Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

The NIST now offers more application whitelisting services

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

November 9, 2015

Click here to order the best deal on a HP enterprise dedicated server and at a great price.

The U.S. National Institute of Standards and Technology has published a new guide to whitelisting solutions that can help organizations deploy one of the most important defensive security technologies.

The NIST says its new proposal has an ability to drastically reduce attack surfaces and help identify and block suspicious executable files from damaging a system.

When implemented correctly, application whitelisting is an effective way to ensure defense capabilities, stability and consistency, but is often overlooked in organizations such that it offers only a mere impression of security.

The underlying technology is not merely a portal through which only approved applications can be installed nor is it just a block on users writing to local drives. It's more than that, NIST asserts.

The NIST is now offering more application whitelisting to complement the ASD controls guide writing in its NIST's Guide to Application Whitelisting.

"An application whitelist is a list of applications and app components that are authorised to be present or active on a host according to a well-defined baseline," says the NIST.

"If design decisions are incorrect, then the application whitelisting implementation will be more susceptible to compromise and failure," it adds.

The NIST illustrates five points deploying an effective application whitelist including first evaluating built in operating system capabilities, using sophisticated whitelisting attributes unless strict access controls are in place, and testing deployments in monitoring mode prior to roll out.

But as always, risk assessments should be the first order of business since application whitelisting is a functionality issue.

"An application whitelisting technology might be considered unsuitable if, for instance, it had to be disabled in order to install security updates for the operating system or particular applications," the NIST asserts.

"A combination of digital signature, publisher and cryptographic hash techniques generally provides the most accurate and comprehensive application whitelisting capability, but usability and maintainability requirements can place significant burdens on the organisation," it added.

Roll outs should be phased using clear processes that will help minimise pitfalls, the NIST warns.

Source: The U.S. National Institute of Standards and Technology.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet    Terms of use    Privacy agreement    Legal disclaimer