Posted by: kurtsh | March 23, 2012

NEWS: NSA’s approach to Software Restriction Policies & Windows

A customer pointed me to this document about whitelisting produced by the National Security Agency and I thought it was rather interesting:

imageWhat is different in the NSA’a approach from typical whitelisting techniques is that they actually restrict where applications can be installed and run.

NSA’s Application Whitelisting Breakthrough (February 10, 2012) The National Security Agency (NSA) has developed an approach to application whitelisting that consumes considerably fewer resources to deploy than standard whitelisting techniques. Instead of purchasing expensive software and employing people to update whitelists, the NSA’s approach focuses on specific areas of computers where downloaded applications are permitted to execute.

Discussed online in various posts, the approach essentially takes the functionality built into Windows and adapts it for this new approach to securing an organization from threats.  (http://gcn.com/articles/2012/02/13/nsa-whitelisting-apps-secure-systems.aspx, http://www.nextgov.com/nextgov/ng_20120210_8712.php?oref=topnews)

This brings up the topic, “How is whitelisting implemented within Windows 7?”  The implementation for Enterprises using Windows 7 Enterprise Edition is called AppLocker and is a dramatic improvement over the Software Restriction Policies that are available within Windows XP, a pseudo-whitelisting technology that was implemented in the Windows XP timeframe.

Here are some references to better understand Windows 7 Enterprise Edition’s AppLocker technology:


Categories

%d bloggers like this: