Page 1229 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
authorized to run on a system.
A whitelist would not include malware applications and would block
them from running. Some whitelists identify applications using a
hashing algorithm to create a hash. However, if an application is
infected with a virus, the virus effectively changes the hash, so this
type of whitelist blocks infected applications from running too.
(Chapter 6, “Cryptography and Symmetric Key Algorithms,” covers
hashing algorithms in more depth.)
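
The hash-based whitelist described above, as an added example that is not from the study guide: it compares a whitelist keyed on SHA-256 hashes with one keyed on file names, using constructed sample files. The file names, byte contents, and function names are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 65536) -> str:
    """Stream the file so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_whitelist(approved: list[Path]) -> set[str]:
    """Record the hash of each application at the time it is approved."""
    return {sha256_file(p) for p in approved}


def is_allowed(path: Path, whitelist: set[str]) -> bool:
    """Default deny: allow only if the current contents hash to an approved value."""
    return sha256_file(path) in whitelist


def demo() -> dict[str, bool]:
    """Run the checks against constructed files standing in for executables."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        app = root / "payroll.exe"  # hypothetical approved application
        app.write_bytes(b"MZ constructed approved application bytes")
        whitelist = build_whitelist([app])
        approved_names = {app.name}  # name-based whitelist, for comparison
        results = {"approved_unmodified": is_allowed(app, whitelist)}

        # Stand-in for an infection: the approved file's contents change.
        app.write_bytes(app.read_bytes() + b" appended constructed bytes")
        results["modified_hash_check"] = is_allowed(app, whitelist)
        results["modified_name_check"] = app.name in approved_names

        # An application nobody approved is blocked without an explicit rule.
        other = root / "game.exe"  # hypothetical unapproved application
        other.write_bytes(b"MZ constructed unapproved application bytes")
        results["unapproved"] = is_allowed(other, whitelist)
    return results


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'blocked'}")
```

The modified file still passes the name-based check but fails the hash check, which is the behavior the paragraph above describes for infected applications.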
The Apple iOS running on iPhones and iPads is an example of an
extreme version of whitelisting. Users are only able to install apps
available from Apple’s App Store. Personnel at Apple review and
approve all apps on the App Store and quickly remove misbehaving
apps. Although it is possible for users to bypass security and jailbreak
their iOS device, most users don’t do so partly because it voids the
warranty.

Jailbreaking removes restrictions on iOS devices and
permits root-level access to the underlying operating system. It is
similar to rooting a device running the Android operating system.

Blacklisting is a good option if administrators know which
applications they want to block. For example, if management wants to
ensure that users are not running games on their system,
administrators can enable tools to block these games.

Firewalls

Firewalls provide protection to a network by filtering traffic. As
discussed in Chapter 11, firewalls have gone through a lot of changes
over the years.

Basic firewalls filter traffic based on IP addresses, ports, and some
protocols using protocol numbers. Firewalls include rules within an
ACL to allow specific traffic and end with an implicit deny rule. The
implicit deny rule blocks all traffic not allowed by a previous rule. For
example, a firewall can allow HTTP and HTTPS traffic by allowing

