ACSC publishes application whitelisting guide


By Dylan Bushell-Embling
Monday, 06 May, 2019

ACSC publishes application whitelisting guide

The Australian Cyber Security Centre has issued an updated application whitelisting guide containing guidance on how to implement the threat mitigation strategy.

Application whitelisting, one of the Australian Signals Directorate’s Essential Eight cyber threat mitigation strategies, is primarily designed to protect against malicious code execution on protected systems.

According to the guide, implementing application whitelisting involves first developing applications that are safe and authorised to execute.

Second, application whitelisting rules should be developed to ensure only those applications can execute; and third, these rules should be maintained using a change management program.

Methods of determining how to enforce application whitelisting — if implemented correctly — include cryptographic hash rules, publisher certificate rules that combine both publisher and product names, and path rules if accompanied by correctly configured file system permissions preventing the unauthorised modification of folder and file contents and permissions.

The use of file names or other easily changed application attributes are inadequate methods of enforcing application whitelisting, the guide adds.

Regular tests should also be undertaken to check for misconfigurations or other methods of bypassing whitelisting rules and protocols.

Application whitelisting can also help identify attempts to execute malicious code by being configured to generate event logs for failed execution attempts. These logs should ideally include information such as the name of the blocked file, a date/time stamp, and the username of the user attempting to execute the file.

The report notes that application whitelisting does not replace the need for — and should be complemented by — antivirus and other security solutions.

Methods such as using web or email content filters to prevent the downloading of applications from the internet or using a portal for authorised applications are also not considered to be application whitelisting.

Image credit: ©stock.adobe.com/au/kentoh

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related News

Careless employees cause 80% of Australian data losses: report

While organisations are investing in DLP solutions, a report by Proofpoint shows that those...

Intercede launches MyID MFA 5.0

Intercede has introduced a range of enhancements to its MyID MFA multi-factor authentication...

23% of connected healthcare devices vulnerable to attack

New research from Claroty indicates that a high proportion of medical devices connected to...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd