For a general-purpose computer used for all manner of things (surfing the Web, reading email, running enterprise...
applications, evaluating new software, etc.), such restrictions are highly unwieldy and difficult to keep up to date. But, for a computer that doesn't have to do very many different things (like one used for just reading email and surfing the Internet with a small number of helper applications), such restrictions can greatly improve security. Unfortunately, most enterprise systems fall somewhere in the middle of these two extremes.
I recommend surveying system administrators to determine where your organization has pockets of relatively simpler computers, and then start using them to experiment with software restriction policy whitelists. Gradually move up to more complex classes of systems over time, until you reach the point of diminishing returns in maintaining such lists from an operational perspective. That point will likely be reached quickly, keeping whitelists on only the simplest of computers. Still, for those boxes, security will have improved significantly.
For more information:
- In this Q&A, learn if using whitelists and blacklists is an effective method for preventing spam.
- Michael Cobb unveils whether allowing only whitelist email messages will stop image spam.
Related Q&A from Ed Skoudis
At Black Hat 2006, researcher Joanna Rutkowska unveiled a piece of machine-based malware called the Blue Pill. But is it a serious threat to your ...continue reading
Wi-Fi on airplanes seems like it will be unavoidable in the future, but what security risks does it pose? In this security threats expert response, ...continue reading
There are some rare forms of malware that antivirus software doesn't pick up on, but there are some good tools to remove all sorts of malware.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.