IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [whitelist]

A whitelist shows data that specifically is allowed. All other data (not on the whitelist) will be filtered out or ignored. A whitelist is the opposite of a blacklist. - Whitelist - only these things. - Blacklist - everything but these things.

70 questions
1
vote
2 answers

How safe I am without antivirus on Windows 7 with restricted security policy enabled?

I've Windows 7 with latest updates without any antivirus software. I use ZoneAlaram Free Firewall to restrict application from accessing Internet without my knowledge (every new application requires ok/cancel in firewall's popup). Administrative…
Vitaliy
  • 123
  • 4
1
vote
1 answer

Difference between Knowledge-based IDS and behavior-based IDS

I have difficulties in understanding the difference between Knowledge-based IDS and behavior-based IDS. This link says that a knowledge-based IDS uses a database of specific attacks and system vulnerabilities, which is blacklist method, I think.…
Ema
  • 203
  • 1
  • 2
  • 7
1
vote
3 answers

If LDAP credentials are leaked, is IP whitelist still sufficient protection?

In a situation where LDAP credentials get leaked but there is still an IP whitelist in place... My gut feeling says this isn't right; the credentials should be changed. Is this correct? What technical details can help me impress this upon the…
MrG
  • 115
  • 5
1
vote
2 answers

Whitelisting only particular hosts on Windows 10

There is a laptop which is to be secured and only certain websites should be accessible. Reason is possible data theft by user or malware, from vpn-only-accessible websites which this laptop will be accessing daily. Laptop is physically secured with…
user119076
1
vote
3 answers

When is IP blocking OSI level 7 only and what is the purpose of doing so on multiple locations?

Let's say there is an application that has IP whitelisting, all other IP's are denied. This check takes place on three different locations: iptables, .htaccess, PHP script. Now in what OSI layers does those three locations fit? I guess something…
Bob Ortiz
  • 6,234
  • 8
  • 43
  • 90
1
vote
2 answers

How effective is MAC whitelisting on a Wireless Access Point?

For the sake of context, let's say I set up my home router with WPA2, a strong passphrase and I whitelisted all of my devices. I know the data is encrypted, but is the layer 2 header encrypted as well? Ultimately, is it possible for someone not…
Lutefisk
  • 372
  • 1
  • 3
  • 12
1
vote
2 answers

DDoS Mitigation - Whitelist or Blacklist Incoming SOURCE Ports?

For a network offering webservices, I have had recommendations to blacklist a couple of common incoming DESTINATION ports, such as UDP 53, to combat the increasing load from DDoS. I'm wondering if it makes sense to blacklist attackers SOURCE ports…
George
  • 739
  • 1
  • 6
  • 22
0
votes
1 answer

WiFi Network Whitelisting?

At school we have a school-wide LAN network. It connects all the wireless devices to the internet. I've gotten the wireless pass code and have successfully connected to the network, yet I can't use the internet. I assume there is a list of…
Jacob Pickens
  • 121
  • 1
  • 3
0
votes
0 answers

Will whitelisting IP's and hashed passwords be enough to protect my site?

I'm getting ready to deploy a website and wanted a second opinion on the security. I have a database containing hashed passwords with correlating usernames to log in with. On top of that, I'm using a google cloud instance that can only be accessed…
boredProjects
  • 1
  • 1
0
votes
1 answer

How to get my exploit script served on arbitrary subdomain?

Sometimes when checking whether requests are cross-origin, applications check whether the origin contains the whitelisted domain. This makes it possible to bypass the white-listing by including the whitelisted value in the subdomain. E.g.…
Sjoerd
  • 28,707
  • 12
  • 74
  • 102
0
votes
1 answer

Is an IP based whitelist practical for controlling internet use?

I have to set up internet controls for our schools study hall/testing center. The idea is that computers on that network should only be able to access the school's webportal and learning platform that the school uses during class hours, but allow…
Frank
  • 113
  • 3
0
votes
1 answer

Restrict web access with whitelists

Can I secure a website using a simple whitelist system? My idea is to port forward a website www.example.com on my pc. To secure it, I want to add a whitelist system. It will work like this: When the server receives a request, it will read a file…
Gies
  • 1
  • 2
0
votes
0 answers

Whitelisting our app to prevent connection blocking?

We publish a Windows desktop app, and while I've run VirusTotal on all of our files with no hits, some security software blocks incoming connections on ports we use, leading to frequent user support issues. Both our installer and the installed app…
Scott Smith
  • 101
  • 2
0
votes
4 answers

HTTP access from a single IP

If I were to configure a server that would be configured to only be accessible (HTTP) from a single IP address via a port, is it safe from unauthorized access?
Gundam Gundam
  • 11
  • 1
0
votes
1 answer

Modsecurity CRS how to deal with field arrays

I have a question how to deal with whitelisting field arrays in modsecurity. Currently am doing the following: ... ctl:ruleRemoveTargetById=942510;ARGS:_owc_pdc_faq_group[0][pdc_faq_answer]" ...…
Eddie4
  • 1
  • 1
1 2 3
4
5