Access "Schneier-Ranum Face-Off on whitelisting and blacklisting"
This article is part of the January/February 2011 issue of Cloud initiatives are changing roles for information security managers
Point: Marcus Ranum In 2007, I wrote an article on execution control in which I explained why antivirus was a dead-end idea, and predicted an eventual switchover from blacklisting to whitelisting. I couldn't have been more wrong so I periodically catch myself wondering if I'm one of a small percentage of the people who "get it," and if the entire security world has its collective head where the sun doesn't shine. Obviously, malware is a big problem and there's not going to be a silver bullet solution to it, but the industry's response to system integrity continues to be ineffective, expensive and a wasteful of time and energy. To briefly recap: blacklisting is the oldest algorithm in computer security. Know what's bad, develop a pattern-matching system to detect it, and ring a bell when you detect the pattern. You can earn extra credit for detecting the bad thing just before it happens, and preventing it from happening. In a nutshell, that's what's behind many antivirus, intrusion prevention/detection systems, and spam filters. The whitelisting approach is ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Information security roles growing in influence
Information security managers are getting more of a say in enterprise cloud initiatives and mobile device projects.
-
The state of critical infrastructure security
Stuxnet put the spotlight on critical infrastructure protection but will efforts to improve SCADA security come too late?
-
Information security roles growing in influence
-
-
Enforcing endpoint security
by Lisa Phifer, Contributor
Enforcing endpoint security requires careful planning and deployment.
-
Enforcing endpoint security
by Lisa Phifer, Contributor
-
Columns
-
Schneier-Ranum Face-Off on whitelisting and blacklisting
Security experts Bruce Schneier and Marcus Ranum debate whether network security should be based on whitelisting or blacklisting.
-
The penetration tester is alive and well
Automation hasn't killed the penetration tester – yet.
-
Old information security challenges persist
by Dave Shackleford
A look back at articles from the past shows that the same information security problems persist today.
-
Schneier-Ranum Face-Off on whitelisting and blacklisting
More Premium Content Accessible For Free
Compliance and risk modeling
E-Zine
You can fight compliance or embrace it, but one way or the other, you can’t escape it. Increasingly, smart organizations are not just accepting ...
Essentials: Threat detection
E-Zine
Antivirus and intrusion prevention aren’t the threat detection stalwarts they used to be. With mobile endpoints and new attack dynamics, enterprises ...
Managing identities in hybrid worlds
E-Zine
The world in which successful IAM programs must be implemented is increasingly complex, a mix of legacy on-premise IAM infrastructures, cloud-based ...