When implementing a positive security model on Windows, one useful resource is the NIST National Software Reference Library
. NIST tracks a massive number of legitimate software applications, images, and operating system files, and makes lists of the resulting cryptographic hashes available. These hash lists can be imported into most whitelist systems. This may help reduce the stress associated with developing customized whitelists for a particular environment by seeding the list with a large number of known legitimate applications.
Bit9 also maintains a large free public interface to a large percentage of its application database. While the interface does not support exporting data into other whitelists, it's very useful for manual verification of binaries by administrators willing to do a little bit of extra legwork to configure their own whitelists.
Return to the main story:
Positive Security: Worth The Work?