Mucho snippage... Not huge news, but perhaps a useful technique.
BTW, see also: http://isc.sans.edu/diary.html?storyid=8236 for a different approach.

Kurt

************************************************************************
TOP OF THE NEWS

--NSA's Application Whitelisting Breakthrough
(February 10, 2012)
The National Security Agency (NSA) has developed an approach to application whitelisting that consumes considerably fewer resources to deploy than standard whitelisting techniques. Instead of purchasing expensive software and employing people to update whitelists, the NSA's approach focuses on specific areas of computers where downloaded applications are permitted to execute.
http://www.nextgov.com/nextgov/ng_20120210_8712.php?oref=topnews
http://gcn.com/articles/2012/02/13/nsa-whitelisting-apps-secure-systems.aspx

[Editors' Note (Ullrich, Paller): Application whitelisting still hasn't reached the mainstream adoption it deserves. If you thought it was too hard to implement because of false positives, consider this as a wake up call that (you have no idea what's running on your systems, and) you can stop rogue software and cost-effectively. Yes it has weaknesses (like in-memory scanning), but they are dwarfed by the benefits. Now someone please come up with a good whitelisting solution for OS X.]
