At this year's AusCERT conference, whitelists were a hot topic - but is anyone going to use them?
Whitelists, which stop unknown and unwanted applications from executing on corporate networks, work in the opposite way to our current blacklist-based computing model. Under blacklists, any application can run unless it's been nominated to be blocked.
Whitelists provide better protection than blacklists by stopping unknown applications - and therefore malware - by default.
[? template('/'.constant('CMS_VHOST').'/common/poll/display_poll.htm', '1620737698'); ?]
One problem with whitelisting though is that, as with any security measure, it compromises flexibility and functionality in favour of safety. However, with the present state of the IT industry, a little less flexibility will have a positive effect.
I asked James Stewart, chief security officer at Cisco if the whitelisting approach was too inflexible for today's enterprise. He didn't think so and went as far as saying the technology was vital: "I'm not sure we can get to the place of feeling confident in our infrastructure without whitelisting."
AusCERT's general manager Graham Ingram also believes whitelists are the way forward: "I think [whitelists] are a natural progression. Blacklisting only had a limited life and we are getting to the end of that."
We have to face it. Desktop security is broken - it has been ever since computers were no longer confined to large, well-guarded buildings. Back then, there was no way of processing data (good or bad) unless someone fed a computer with punch cards, which is a far cry from the connected Web 2.0 world - and yet we still use the same basic architecture.
If we are serious about fixing security then let's embrace whitelists and move on.
While security experts appear to be in favour of whitelisting, I'm curious to know what ZDNet.com.au readers think of it and when, if at all, you plan implementing the technology. Take part in our reader poll and leave your feedback below.