Become a Nerd Own A Region

  Blog main page

Increase Your Network Security with “Whitelisting”

Oct 15, 2018
| |

The internet is a marvelous place. With millions upon millions of sites to choose from, what you can find, what you can see, what you can learn, where you can go and what you can buy and have delivered to your door in under 24 hours is nearly limitless. Truly remarkable. But make no mistake, among all that internet traffic, the vast majority of it is out to get you. Some say maybe 90% or more has malicious intent. It is out to gather your personal information, bank account and credit card numbers and sell them on the dark web. They will hold the critical data of individuals, companies and governments hostage until a ransom is paid to free it –  precisely what recently happened to the small municipality of, Wasaga Beach Ontario. The town had its computers locked down and taken over by hackers for seven weeks. They ended up paying $35,000 to recover their data plus more than $50,000 to consultants to help them decrypt it. Plus, estimates put the cost of lost productivity at $160,000. In global terms, that’s a drop in the bucket. The FBI says $1 Billion in ransom payments to cybercriminals are made annually. With individuals, companies and governments putting more and more information online, there is more and more booty for the cyber-pirates to pillage. According to a recent press release from RISKIQ, the global economy lost $600 billion to cyber-crime in 2017. That’s $1,138,888 per minute, with 1861 victims per minute world-wide. The threats are indiscriminate and the damage is real. If this scares you, it should. It scares me. So the 100 Bitcoin question is, how can you protect yourself and your company? The answer might be found in whitelisting.

What is Whitelisting? (The opposite of blacklisting of course)

To understand whitelisting, we need to look first at its complete opposite, blacklisting. Blacklisting is the traditional method that the most popular cyber-security companies, like McAfee and Symantec, use as the basis to stop bad actors like viruses, Trojans, worms, spyware, ransomware, keyloggers and other forms of malware from accessing your systems and data. It’s a threat-centred approach. A bit like the bouncer at a Nightclub door. Your computer has a list of all known bad actors – in this case applications, emails and IP’s with malicious intent – and nobody on that list gets in. But everyone else does. It’s a  good start. The problem is the list contains only known threats for which security solutions have already been developed. Among the people not on the bouncer’s list, there could be any number of unknowns who intend to make trouble when they get inside. No way to tell just by looking at them. So the massive challenge is keeping the list up to date. With an estimated 2 million new pieces of malware appearing on the scene every month, it is a nearly impossible task. So what if the bouncer flips this thing on its head? What if, instead of saying “everybody but the people on this list get in”, he says, “nobody gets in until I personally check you out and put you on the list”? And that is the essence of whitelisting. It starts from a “zero-trust” position. The bouncer assumes everyone is planning to stir things up in the club so no-one is allowed in until he is sure they have only good intentions. From the perspective of your systems and networks, whitelisting is the compilation of a list of all acceptable or known-safe applications – emails, IPs, devices, etc. – that you are going to allow to run on those systems and networks. Anything not on the list is denied access. While it takes more work at the outset, it is a far more effective way to guard against cyber-threats than blacklisting. Because it only allows trusted applications and nothing else, whitelisting is also an effective guard against “zero day” attacks. Zero day attacks gain access through a previously unknown software vulnerability. Blacklisting can’t guard against something it never knew about, something that didn’t exist until “day zero”.  With whitelisting, the potentially dangerous application never would have made it to your system. Ever see the size of the guy outside Drake’s Nightclub?

Kinds of Whitelisting

For individuals and businesses, there are two main areas to consider when implementing whitelisting.

  1. Application Whitelisting (AWL) – prevents malware from being installed on the computer or network by allowing only approved applications, and is also used to prevent undesired programs to be installed. From a home user’s point of view, this is an excellent way to deny access to programs inappropriate to children. From an enterprise point of view, in can deny access to gaming and social applications that affect worker productivity and waste network bandwidth.
  2. Email Whitelisting – defines a list of safe senders and recipients to stop spam from filling mailboxes and guards against phishing attacks.

At the network level, assembling a whitelist starts with understanding everything the users need to do and the applications they need to do it. The whitelist will include everything from network infrastructure, valid applications, sites and locations, to authorized users, trusted partners and contractors. A whitelist for applications at the user level should include and email filter for spam and unapproved contacts and approved organizations registered with ISPs. On any level, it is crucial that the list be kept up to date and reflect the evolving needs of the users.

4 Things to Consider When Choosing a Whitelist Solution

This is all about security. Yours and your company’s. So it needs careful thought. When looking for the best whitelisting solution you should give these areas serious consideration:

  1. How does it deal with inventory? – Even a small company can have hundreds of applications necessary to run their business. Know them all off the top of your head? Not likely. So instead of trying to find and list every piece of software your company is running, look for a whitelisting solution that does it for you with automatic inventory. It should put together and maintain a record of installed software and present it in a clear format that is easy to analyze. Having a look at the list is a good opportunity to identify and get rid of applications your company is no longer using.
  2. Easy categorization – You want a solution that lets you easily assign categories to installed software – categories like “Operating Systems”, “Multimedia”, “Business Software”, “Browsers”, etc. Then administrators can instantly see and allow business-related applications and block categories like “Games” that are unnecessary to the business and a drain on productivity. You don’t need to find which game to block, you just keep the whole category off the list.
  3. Automatic and trusted updates – Make sure you choose a solution that ensures regular updates of whitelisted software to deal with new or previously undiscovered vulnerabilities.
  4. The ability to implement flexible rules –  any good solution will come with a comprehensive set of pre-defined rules to get you started. This is a good beginning but as your whitelisting usage grows and evolves, you want to make sure the solution you choose lets you adjust and customize your settings to the unique requirements of your business.

Make sure you choose a solution that is highly flexible and offers the ability to customize. Then, once you get things going, it is important to keep everything up to date. Someone needs to be responsible for updating the whitelist, applying patches, deploying to additional platforms and testing to see that everything is working as it should.

Whitelisting Solutions – User Level

As I found out from the Data Doctors at Washington’s Top News, there are some rudimentary whitelisting capabilities on some PC and Mac operating systems. Here’s what they have to say:

Windows 10 Pro and Enterprise editions have extensive tools for creating application whitelists that don’t exist in Windows 10 Home.

Windows 10 Home users can create a very basic form of application whitelisting by only allowing apps downloaded from the Microsoft Store to be installed. To do this, go to Settings, then Apps and change the drop-down box in the Installing Apps section at the top of the Apps & Features menu.

Keep in mind, this means that you won’t be able to install older programs from CDs or DVDs or utilities and programs that you would typically download directly from other software companies.

MacOS users can create a basic form of whitelisting through the Parental Control menu or through Gatekeeper, which is Apple’s primary tool for controlling what apps can be installed.

Thanks Doctors.

 

Quick Tip: There are lots of ways to increase your cyber-security and you should use as many as you can. Here are a couple of simple things you can do to protect your systems and data:

  • Create secure backups and keep your most sensitive data “air-gapped” – off the internet or any networked computers.
  • Ban USB flash drives and external hard drives unless they are password protected.

 

Is there a real solution?

Many companies have tried coming up with an effective 3rd party whitelisting application. For the most part, they have come up short. The solutions have been so complicated and technical as to be nearly impossible to implement, particularly at the user level. But one you should have a look at is a relative newcomer to the scene, ADAM_one from Adam Networks. Among other potentially game-changing security features, ADAM_one includes an AI Adaptive Whitelisting system that allows you to re-shape the Internet to be whatever you need it to be – constantly evolving to your needs on a dynamic basis, and always with security as the number one priority. As an additional layer, a Don’t Talk to Strangers module (DTTS) leak-proofs your DNS filtering by denying all dns-less traffic, except for those strictly approved by you. This might be the biggest bouncer you’ve ever seen! The knock on 3rd party whitelisting applications has been that most are designed primarily for business and are too complicated for the average home user. But ADAM_one is as useful and essential to the user as it is to enterprise. It simplifies where others complicate. Well worth checking out.

So Why Wouldn’t You?

By all sound reasoning, adding whitelisting to your cyber-security measures is a no-brainer. With all the malicious traffic on the internet it just makes sense to start from a “zero trust” position. It does take a little more work from the outset but with cyber-criminals working non-stop worldwide, the rest of us are going to have to work a little harder to stay ahead of them. Whitelisting isn’t a replacement for your existing anti-virus and cyber-security measures. It should be used as a valuable piece in a comprehensive and layered security solution. And, as always, if you don’t have the time, inclination or technical chops, there’s a Nerd to help you out. We’re always around to  answer questions or provide solutions for any and all cyber-security related issues.