Comments on: Blacklists, Whitelists and Secure Computing http://arielsilverstone.com/security/blacklists-whitelists-and-secure-computing/ Intelligent Business Security Thu, 05 Apr 2012 11:03:09 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: Arielhttp://arielsilverstone.com/security/blacklists-whitelists-and-secure-computing/comment-page-1/#comment-168 Ariel Thu, 01 Jan 1970 00:00:00 +0000 http://arielsilverstone.com/?p=2653#comment-168 Rob,Thank you for your kind comment. You guys are doing a bang-up job. Let me know if I can contribute to OISF.Ariel Rob,

Thank you for your kind comment. You guys are doing a bang-up job. Let me know if I can contribute to OISF.

Ariel

]]> By: Rob Jamisonhttp://arielsilverstone.com/security/blacklists-whitelists-and-secure-computing/comment-page-1/#comment-167 Rob Jamison Thu, 01 Jan 1970 00:00:00 +0000 http://arielsilverstone.com/?p=2653#comment-167 Ariel,I appreciate you reading my CMAL post and writing about it on your own blog as well. This is an interesting topic and I concur with your conclusion on the need for a coordinated approach. On that score, I am participating in the OISF effort, specifically the “IP Confidence” working group that is debating the Whitelist v. Blacklist vs. Scoring vs. Applications.Regards, Rob Jamison Ariel,

I appreciate you reading my CMAL post and writing about it on your own blog as well. This is an interesting topic and I concur with your conclusion on the need for a coordinated approach. On that score, I am participating in the OISF effort, specifically the “IP Confidence” working group that is debating the Whitelist v. Blacklist vs. Scoring vs. Applications.

Regards,
Rob Jamison

]]> By: Arielhttp://arielsilverstone.com/security/blacklists-whitelists-and-secure-computing/comment-page-1/#comment-159 Ariel Thu, 01 Jan 1970 00:00:00 +0000 http://arielsilverstone.com/?p=2653#comment-159 <a href="#comment-155">@Jonathan D. Abolins </a>Thank you, Jonathan. Very good comment. Makes me want to write a gantza megilla (long article) about how security technology is breaking down. Think I will have to, now! @Jonathan D. Abolins

Thank you, Jonathan. Very good comment. Makes me want to write a gantza megilla (long article) about how security technology is breaking down. Think I will have to, now!

]]> By: Spafhttp://arielsilverstone.com/security/blacklists-whitelists-and-secure-computing/comment-page-1/#comment-157 Spaf Thu, 01 Jan 1970 00:00:00 +0000 http://arielsilverstone.com/?p=2653#comment-157 Blacklist approaches have been failing for years -- polymorphic and self-encrypting code, as well as code delivered in parts, means that blacklists stop only a portion of what is getting thru and can never hope to get it all. Add in VPNs and other encrypted tunnels (SSL) and even things blacklists might catch will not be stopped.Whitelisting controls aren't a perfect answer, but go a long ways towards fixing the problem. Only running something that is known to be allowed is the right thing for most enterprises. It's one reason why I came up with the design behind SignaCert's offerings, which are being widely adopted. Blacklist approaches have been failing for years — polymorphic and self-encrypting code, as well as code delivered in parts, means that blacklists stop only a portion of what is getting thru and can never hope to get it all. Add in VPNs and other encrypted tunnels (SSL) and even things blacklists might catch will not be stopped.

Whitelisting controls aren’t a perfect answer, but go a long ways towards fixing the problem. Only running something that is known to be allowed is the right thing for most enterprises. It’s one reason why I came up with the design behind SignaCert’s offerings, which are being widely adopted.

]]> By: Jonathan D. Abolinshttp://arielsilverstone.com/security/blacklists-whitelists-and-secure-computing/comment-page-1/#comment-155 Jonathan D. Abolins Thu, 01 Jan 1970 00:00:00 +0000 http://arielsilverstone.com/?p=2653#comment-155 Echos of Marcus Ranum's "Don't enumerate badness" advice in his list of "The Six Dumbest Ideas in Computer Security" (http://www.ranum.com/security/computer_security/editorials/dumb/) His well pointed out that the "badness" has outpaced the "goodness" on the systems and networks. Blacklists cannot keep up (but the updates can be quite profitable for the vendors).Whitelists are quite helpful but many people, including security product vendors, still avoid them. One reason, besides the BL revenue stream, is the potential for things to "break" because a legitimate site, person, or process wasn't on the WL. Tuning a WL can be a challenge especially for multi-use consumer systems. For servers and other business systems where their functions are better defined, WL should be easier to set up. Echos of Marcus Ranum’s “Don’t enumerate badness” advice in his list of “The Six Dumbest Ideas in Computer Security” (http://www.ranum.com/security/computer_security/editorials/dumb/) His well pointed out that the “badness” has outpaced the “goodness” on the systems and networks. Blacklists cannot keep up (but the updates can be quite profitable for the vendors).

Whitelists are quite helpful but many people, including security product vendors, still avoid them. One reason, besides the BL revenue stream, is the potential for things to “break” because a legitimate site, person, or process wasn’t on the WL. Tuning a WL can be a challenge especially for multi-use consumer systems. For servers and other business systems where their functions are better defined, WL should be easier to set up.

]]>