Questions tagged [whitelist]

A whitelist shows data that is specifically allowed. All other data (not on the whitelist) will be filtered out or ignored. A whitelist is the opposite of a blacklist.

- Whitelist - only these things.
- Blacklist - everything but these things.

70 questions
2 votes, 2 answers

Limit web-browsing to list of known well-known websites (whitelist)

I'd like to limit web-browsing to a number of websites owned by known internet companies, for example: Google Websites, Microsoft Websites, Amazon, Yahoo, eBay, News, etc. I understand I can't do it myself because each of the websites is using external…
user128766
2 votes, 1 answer

What resources/organizations should we submit applications to for testing, to prevent Anti-Virus "False-Positives?"

A friend's company just released an application recently, which received a false-positive warning with Norton AV from a client. He found something on Norton's website that I believe he said was a form, and then he said that after submitting the form…
XaolingBao
2 votes, 1 answer

Are there any standard practices for protecting against malicious links being entered in a public form?

A website I'm working on needs to have a form for any visitor to submit a request for information about a service. The user will not need to create an account, and contact details are just part of the form. The user can also enter a free form…
jpmc26
2 votes, 2 answers

Legally port scanning (Whitelist)

I am attempting to set up a security vulnerability scanning server. I have several customers interested in using it to scan their systems. I will be port scanning and carrying out intrusion detection, etc. Before I go ahead with this, I want to know…
2 votes, 2 answers

Vulnerability scanning: White list pentester or not?

If your company engages a third party pentester to do vulnerability scanning, do you whitelist the pentester so that they can thoroughly scan the machines on the internet, or do not whitelist them so that you have a better gauge of the…
Pang Ser Lark
1 vote, 2 answers

Shellshock plus sudo/su environment whitelist bypass - big problem?

The question is: How big a problem is this? Looks pretty big to me. With the shellshock bug it is possible to bypass the whitelist of known-harmless environment variables in sudo, as well as other routes to execution of code as high-privileged…
Ben
1 vote, 2 answers

How to uniquely identify / tag client devices to whitelist VPN access?

I'm just wondering if there is any way to uniquely identify or tag client devices like laptops and towers in order to whitelist them for VPN access. (Note: This is a thought-experiment at the moment, but I hope I can implement this at some point).…
mohrphium
1 vote, 0 answers

What is the most efficient way to get new executables whitelisted by Norton?

We developed an application (see https://embeetle.com). To avoid false positives, all our executables and DLLs are code-signed with an Extended Verification Code Signing Certificate from Sectigo. Despite this, our users complain that Norton flags…
K.Mulier
1 vote, 2 answers

Risks associated with IP whitelisting

I was told that IP whitelisting should not be considered safe and is hence obsolete. I fail to understand why this statement holds: can IPs be impersonated? If not, then why is it a bad/obsolete way of securing a service? (assuming the traffic…
John
1 vote, 2 answers

How to allow access from just one IP in htaccess

I have a public hosting server. I want to give access to it only from one specific IP address. Since it's public hosting, I don't have access to its infrastructure or Apache configuration. I can create a .htaccess file only. Based on that can I…
Simon
1 vote, 2 answers

The security of IP whitelisting large ranges

I am not a network expert, but a recent conversation has come up with a client asking to whitelist a range of IPs (let's say 250 odd for now) to transfer their data to us for processing. I should add here that we would provide an IP address to the…
1 vote, 1 answer

On-site Whitelisting vs. Off-site Cisco VPN

A company I’m applying to as a web software tester is requiring me to be on-site so they could put me on their whitelist. However, I had a previous job which allowed me to work anywhere, using only Cisco VPN. Is on-site whitelisting more secure than…
ellaaaa25
1 vote, 2 answers

IP-whitelisting for DB access, does solution fit best practices?

All the data we have on our customers sits in our data-lake, which is hosted by one of our suppliers. Currently the security is such that a limited number of users has (limited) access to the database each with their user-name and password. In…
Ivana
1 vote, 1 answer

domain names with email whitelisting

We have white-listed full domains and that creates uncertainty, i.e. myservice.com. Anyone can send spam mails and we can't block it. We have white-listed specific emails / IP addresses and there is no immediate concern. Any idea how we can tackle…
wonder
1 vote, 1 answer

Whitelist Application For Windows Server 2012

My problem: I am looking for an application which runs on Windows Server 2012 for security reasons. Our server began being attacked on many protocols. They are trying brute force attacks with very weak passwords. It is just annoying and just slows down…
NagyDani