How To Secure Your SMB Network – Part 4 of 9 – Software Restriction Policies

Philip Banks

Welcome to How To Secure Your SMB Network! This is part 4 of a 9-part series that discusses our approach to Network Security and how we secure client networks. As you will see, there are many facets that go into creating a secure network. Think of it as a puzzle, with each piece playing an important role. The days of installing Norton Anti-Virus on your computer and thinking you are safe are over.

What are Software Restriction Policies

Software restriction policies define the files and/or file types that are able to execute on your computer. Similar to how a firewall allows or blocks traffic based on certain parameters (source, origin, port, protocol, etc.), Software Restriction Policies allow or disallow programs based on their location on the disk, filename, file type, etc.

Blacklisting

There are essentially two ways to implement Software Restriction Policies: Whitelisting or Blacklisting. Blacklisting allows any program to execute by default, unless it matches a restriction defined by an administrator, specifically file type, file name, or file path. For example, a Blacklist restriction might say that any file named Spotify.exe cannot execute. This would effectively block the program Spotify from running on a computer that is subject to this policy. As a brief analogy, think of Blacklisting as the TSA’s No Fly List. Anyone can fly on an airplane (with a ticket and proper ID) as long as they are not on the No Fly List.

Blacklisting is effective at blocking specific programs that a company does not want its employees to use. Another common use is blocking certain paths that Malware, Ransomware, and Viruses tend to use.

Whitelisting

Whitelisting, on the other hand, takes the opposite approach. By default, no programs have permission to run unless they match certain criteria. In a Whitelisting scenario, you may have a policy that allows C:\Program Files (x86)\Microsoft Office\root\Office16\Excel.exe to execute. This will allow Microsoft Excel to run, but any other programs do not have permission to run. You can think of Whitelisting as the lock on your home’s front door. No one can come in unless they have the key to unlock your door.

Whitelisting is a more effective strategy to keep your computers secure; however, it can require more time and effort to implement and can be more intrusive on the end user. If a company has many different applications its employees use regularly, each application will need its own Whitelist rule. The administrator would also need to create rules for any new applications before installing them on the workstations.
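The two default behaviours described above, as an added example that is not part of the original article and is not Windows' own rule engine: a simplified Python model run against three constructed launch paths. The Spotify.exe and Excel.exe rules come from the text; the user name, the Downloads file and the function names are assumptions.

```python
# Added illustration: a simplified model of allow/deny evaluation,
# not the actual Software Restriction Policies implementation.
import fnmatch
import ntpath

def matches(rule, path):
    """A rule is either a bare file name or a full path ('*' wildcards allowed)."""
    rule, path = rule.lower(), path.lower()      # Windows paths are case-insensitive
    if "\\" not in rule:                         # file-name rule: compare base name only
        return ntpath.basename(path) == rule
    return fnmatch.fnmatchcase(path, rule)       # path rule

def is_allowed(path, mode, rules):
    """Blacklist: allowed unless a rule matches. Whitelist: blocked unless a rule matches."""
    hit = any(matches(rule, path) for rule in rules)
    if mode == "blacklist":
        return not hit
    if mode == "whitelist":
        return hit
    raise ValueError(f"unknown mode: {mode}")

# Rules taken from the article's two examples.
BLACKLIST = ["Spotify.exe"]
WHITELIST = [r"C:\Program Files (x86)\Microsoft Office\root\Office16\Excel.exe"]

# Constructed sample launches (hypothetical user and files).
LAUNCHES = [
    r"C:\Program Files (x86)\Microsoft Office\root\Office16\Excel.exe",
    r"C:\Users\alice\AppData\Roaming\Spotify\Spotify.exe",
    r"C:\Users\alice\Downloads\invoice_viewer.exe",   # unknown program, no rule mentions it
]

def evaluate(launches=LAUNCHES):
    """Return {path: (allowed_under_blacklist, allowed_under_whitelist)}."""
    return {
        path: (is_allowed(path, "blacklist", BLACKLIST),
               is_allowed(path, "whitelist", WHITELIST))
        for path in launches
    }

if __name__ == "__main__":
    for path, (bl, wl) in evaluate().items():
        print(f"{path}\n  blacklist: {'allow' if bl else 'block'}"
              f"   whitelist: {'allow' if wl else 'block'}")
```

The unknown program in the Downloads folder is the case that separates the two policies: the Blacklist lets it run because no rule names it, while the Whitelist blocks it for the same reason.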

How To Secure Your SMB Network – E-Book

This is the fourth part of a nine-part series that details How To Secure Your SMB Network. Every Wednesday we will post a new section that gives details and examples on how Banks Technology Services secures our clients' networks. We have compiled all of this information into an E-Book, which you can download for free. The E-Book contains additional information, real-world examples, and is updated as new technology emerges. To receive your FREE copy, head on over to the How To Secure Your SMB Network page.

How To Secure Your SMB Network Blog Series

Part 1 – Network Security Principles
Part 2 – UTM Gateway
Part 3 – Content Filtering
Part 4 – Software Restriction Policies
Part 5 – Spam Filtering
Part 6 – Endpoint Security
Part 7 – Patching
Part 8 – Administrative Rights
Part 9 – Conclusion