notabot

Level 11
I was thinking, is there an offering that whitelists network traffic, either at router level or at host level ?

Of course the whitelist won’t be something static, so , if it exists I’d expect this to be a subscription service.

Whitelist could be at domain level or IP level - for full URL level it would require an addon or certificate interception and I’m not too keen on either of these.

The advantage of a whitelist approach would be to eg eliminate connections to fresh C&C hosts

Does an offering like this exist ?
 

Local Host

Level 18
Verified
Normally it's called Firewall, with strict rules is pretty much a traffic whitelist. You probably looking for something more specific though.
 

notabot

Level 11
Normally it's called Firewall, with strict rules is pretty much a traffic whitelist. You probably looking for something more specific though.
It’s firewall functionality ( not only though, it could be a network protection module which is distinct from on Windows) but it should integrate with a provider of whitelists, eg doing something like this with windows firewall and manually updating the list is unmanageable, same goes for most router firewalls - the vendor effectively would provide

* a whitelist and maintain it
* integration with firewall or with network protection modules
 
  • Like
Reactions: shmu26