Blacklist (computing)

Screenshot of a web page of a Wikimedia Foundationproject. Filing a blacklisting request
Blacklist IRC.

In computing, a blacklist or block list is a basic access control mechanism that allows through all elements (email addresses, users, passwords, URLs, IP addresses, domain names, file hashes, etc.), except those explicitly mentioned. Those items on the list are denied access. The opposite is a whitelist, which means only items on the list are let through whatever gate is being used. A greylist contains items that are temporarily blocked (or temporarily allowed) until an additional step is performed.

Blacklists can be applied at various points in a security architecture, such as a Host (network), Web proxy, DNS servers, Email server, Firewall (computing), directory servers or application authentication gateways. The type of element blocked is influenced by the access control location.[1] DNS servers may be well-suited to block domain names, for example, but not URLs. A firewall is well-suited for blocking IP addresses, but less so for blocking malicious files or passwords.

Example uses include a company that might prevent a list of software from running on its network, a school that might prevent a list of web sites from being accesses on its computers, or a business that wants to ensure their computer users are not choosing easily-guessed, poor passwords.

Example systems to protect

Blacklists are used to protect a variety of systems in computing. The content of the blacklist is likely needs to be targeted to the type of system defended.[2]

Information systems

An information system includes end-point hosts like user machines and servers. A blacklist in this location may include certain types of software that are not allowed to run in the company environment. For example, a company might blacklist peer to peer file sharing on its systems. In addition to software, people, devices and Web sites can also be blacklisted. [3]

Email

Most email providers have a anti-spam feature that essentially blacklists certain email addresses if they are deemed unwanted. How this happens is when a successful phishing attack (from an address that is forged from reliable accounts to try to recover personal information) is executed, then the email device deems the address to be spam, and proceeds to blacklist the address.

An e-mail spam filter may keep a blacklist of email addresses, any mail from which would be prevented from reaching its intended destination. It may also use sending domain names or sending IP addresses to implement a more general block.

In addition to private email blacklists, there are lists that are kept for public use, examples are

Web Browsing

The goal of a blacklist in a web browser is to prevent the user from visiting a malicious or deceitful web page via filtering locally. A common web browsing blacklist is Google's Safe Browsing, which is installed by default in Firefox, Safari, and Chrome.

Usernames and Passwords

Blacklisting can also apply to user credentials. It is common for systems or websites to blacklist certain reserved usernames that are not allowed to be chosen by the system or websites user populations. These reserved usernames are commonly associated with built-in system administration functions.

Password blacklists are very similar to username blacklists but typically contain significantly more entries that username blacklists. Password blacklists are applied to prevent users from choosing passwords that are easily guessed or are well known and could lead to unauthorized access by malicious parties. Password blacklists are deployed as an additional layer of security, usually in addition to a password policy, which sets the requirements of the password length and/or character complexity. This is because there are a significant number of password combinations that fulfill many password policies but are still easily guessed (i.e., Password123, Qwerty123).


Distribution methods

Blacklists are distributed in a variety of ways. Some use simple mailing lists. A DNSBL is a common distribution method that leverages the DNS itself. Some lists make use of rsync for high-volume exchanges of data.[6] Web-server functions may be used; either simple GET requests may be used or more complicated interfaces such as a RESTful API.

Examples

Considerations of Usage

As expressed in a recent conference paper focusing on blacklists of domain names and IP addresses used for Internet security, "these lists generally do not intersect. Therefore, it appears that these lists do not converge on one set of malicious indicators."[8][9] This concern combined with an economic model[10] means that, while blacklists are an essential part of network defense, the need to be used in concert with whitelists and greylists, for example.

References

  1. Shimeall, Timothy; Spring, Jonathan (2013-11-12). Introduction to Information Security: A Strategic-Based Approach. Newnes. ISBN 9781597499729.
  2. "Domain Blacklist Ecosystem - A Case Study". insights.sei.cmu.edu. Retrieved 2016-02-04.
  3. Rainer, Watson (2012). Introduction to Information Systems. Wiley Custom Learning Solutions. ISBN 978-1-118-45213-4.
  4. http://anti-spam.org.cn/?locale=en_US
  5. https://mxtoolbox.com/problem/blacklist/fabelsources
  6. "Guidelines". www.surbl.org. Retrieved 2016-02-04.
  7. "B.I.S.S. Forums - FAQ - Questions about the Blocklists". Bluetack Internet Security Solutions. Archived from the original on 2008-10-20. Retrieved 2015-08-01.
  8. Metcalf, Leigh; Spring, Jonathan M. (2015-01-01). "Blacklist Ecosystem Analysis: Spanning Jan 2012 to Jun 2014". Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security (ACM): 13–22.
  9. Kührer, Marc; Rossow, Christian; Holz, Thorsten (2014-09-17). Stavrou, Angelos; Bos, Herbert; Portokalidis, Georgios, eds. Paint It Black: Evaluating the Effectiveness of Malware Blacklists. Lecture Notes in Computer Science. Springer International Publishing. pp. 1–21. doi:10.1007/978-3-319-11379-1_1. ISBN 9783319113784.
  10. Spring, Jonathan M. (2013-01-01). "Modeling malicious domain name take-down dynamics: Why eCrime pays". eCrime Researchers Summit (eCRS), 2013 (IEEE): 1–9.

External links

This article is issued from Wikipedia - version of the Thursday, February 04, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.