Endpoint security is broken — the trojan reality of enterprise IT (Article)

Discussion in 'other security issues & news' started by Rasheed187, Feb 19, 2016.

  1. Rasheed187

    Rasheed187 Registered Member

  2. Gullible Jones

    Gullible Jones Registered Member

    @Rasheed187

    Yeah, the above is a realistic argument for whitelisting IMO, at least in office environments. You can't make it impossible to get in, but you don't have to leave it that easy either.

    Edit: Mind, it doesn't help that whitelisting products/methods for Windows tend to be awful, obscure, or both.

    Edit 2: Per another thread, whitelisting vs. the attack mentioned above should be possible just using NTFS ACLs. I wonder if there's a Puppet module for stuff like this.
     
    Last edited: Feb 19, 2016
  3. Rasheed187

    Rasheed187 Registered Member

    Yes, white-listing can of course be bypassed, but there are so many other solutions like anti-exploit, HIPS and sandboxing. If combined, it's almost impossible to hack systems without the use of kernel exploits.
     