Could NSA's whitelisting approach to security catch on in government?
- By Kevin McCaney
- Feb 13, 2012
This article has been updated to correct a reference to Microsoft's AppLocker.
The National Security Agency aims to improve security on military networks by focusing on allowing approved software applications rather than trying to block malicious apps, NextGov reports.
The practice, application whitelisting, isn’t new, but NSA’s approach is unique in establishing where a downloaded app is allowed to launch, and that it can be launched but not installed, according to NextGov.
In essence, the plan is to require administrator approval before any application can run, and block all others.
Whitelisting has steadily been catching on in security circles — in theory if not always in practice. Its advantage is that it deals with approved apps, rather than trying to blacklist malware that can exploit systems before they’ve been discovered.
The disadvantage is that it can be difficult to manage, requiring admins to spend time on the approval process and sometimes running counter to user expectations of having control over their systems.
But in recent years, whitelisting has made strides. Toney Jennings, president and CEO of CoreTrace, which sells whitelisting services, told GCN in June that, while not a perfect system, it has become easier to manage and could be worth considering for agencies that want to cut down on the 30 percent of threats that blacklisting routinely lets through.
A December 2010 paper by the SANS Institute examined existing commercial whitelisting tools and how they would defend against most known attacks. The report concluded that whitelisting, like any other security step, was not a cure-all, but it represented the best way to significantly reduce malware in systems.
In 2009, InfoWorld tested six enterprise whitelisting programs, as well as Microsoft’s AppLocker, a feature built into Windows 7, and found that all of them performed well.
NSA’s Information Assurance Directorate details how admins would set up the policy in its document, “Application Whitelisting Using Software Restriction Policies."
Kevin McCaney is a former editor of Defense Systems and GCN.