administrators compile a list of allowed sources, destinations or applications that users require access to, and then the list is applied to a network appliance, desktop or server software, or oses. once applied, the network device or server monitors user, device or application requests and allows access to whitelisted services. all other requested services are denied. while the whitelist permits access or communication to specific approved applications or services, denied requests include locations or services that meet the following criteria:
you might want to whitelist every application you install, as well, but this will slow down your system in a big way. another compromise is to whitelist only everything you are sure is a legitimate application, and nothing else, as you can see in the following example whitelist:
the goal of a whitelist is to allow only applications you trust to run on your protected computer. you may or may not have this kind of trust — it’s up to you and depends on your comfort with the risk of running untrusted software, your company’s policy on that, and your ability to perform regular application updates.
you could also whitelist specific features, such as just that page that uses mysql, or that one that uses filezilla. the issue is that the list of features grows by the time you add each feature and i’m not sure how long you’d want to whitelist every feature in a piece of software.
the file, which we’ll call file1, contains all the values that will be present in the allow list. to add this to the whitelist, open the whitelist editor and go to file|new. from the options for the new file, select the type of file and call it file1. when prompted to select a file, navigate to file|open|file1 and click ok.
it’s not that easy. the biggest problem with a whitelist is that it places a lot of responsibility on the receiver. the receiver now has to work out if it’s safe to process a navigation message from a given source, rather than having some sort of central authority define whether it’s safe to process navigation messages from sources. whitelisting, like blacklists, is problematic because it’s hard to know if the source is malicious or not: if it’s on your whitelist, it’s safe to process. however, what if the source is on your whitelist but is malicious, and you don’t know it?
some receivers already implement whitelists, and they’re pretty good at it. they look at the ip address of the satellite, and, in some cases, the gps signal, and then they check a whitelist. if the source is on the whitelist, the receiver will ignore the navigation message. some receivers may require the source to be on the whitelist for a certain amount of time before they’ll process the navigation message. if the source isn’t on the whitelist, the navigation message will be ignored.
for receivers to implement whitelists successfully, they must be able to identify the source of each navigation message. they’ll also have to be able to identify if the source is on the whitelist, and if it’s not on the whitelist, if they’ll allow the source to process the navigation message. there are some security issues with this approach, as it depends on the whitelist to be correct.
in theory, a malicious person could send a malicious navigation message from a source not on the whitelist. these malicious navigation messages can look legitimate, and the receiver will allow them through.