Implementing Security Measures to Address Unauthorized Software Installations

Addressing Unauthorized Software Installations

Prev Question Next Question

Question

Users at an organization have been installing programs from the Internet on their workstations without first receiving proper authorization.

The organization maintains a portal from which users can install standardized programs.

However, some users have administrative access on their workstations to enable legacy programs to function properly.

Which of the following should the security administrator consider implementing to address this issue?

A.

Application code signing B.

Application whitelisting C.

Data loss prevention D.

Web application firewalls.

B.

Explanations

Users at an organization have been installing programs from the Internet on their workstations without first receiving proper authorization.

The organization maintains a portal from which users can install standardized programs.

However, some users have administrative access on their workstations to enable legacy programs to function properly.

Which of the following should the security administrator consider implementing to address this issue?

A.

Application code signing

B.

Application whitelisting

C.

Data loss prevention

D.

Web application firewalls.

B.

The correct answer is B. Application whitelisting.

Explanation:

Application whitelisting is a security control that allows only approved programs to run on a system, while blocking unauthorized applications. This approach is the opposite of blacklisting, which blocks specific applications based on their known vulnerabilities or malicious behavior.

In this scenario, the organization is facing a problem with users installing unauthorized programs on their workstations. This can be a serious security risk because these programs could contain malware, spyware, or other types of malicious software that could compromise the confidentiality, integrity, and availability of the organization's data and systems.

To address this issue, the security administrator should consider implementing application whitelisting. This would allow the organization to maintain a list of approved applications that users are allowed to install and run on their workstations. Any program not on the approved list would be blocked, preventing users from installing unauthorized software.

It's worth noting that some users have administrative access on their workstations to enable legacy programs to function properly. This could be a challenge for implementing application whitelisting because these users may need to install and run applications that are not on the approved list. In this case, the security administrator should carefully evaluate which applications are necessary for legacy support and ensure they are added to the approved list.

In contrast, the other options are less relevant for addressing the issue of unauthorized program installations.

A. Application code signing is a technique that verifies the integrity and authenticity of a software application by validating its digital signature. However, this does not prevent users from installing unauthorized programs.

C. Data loss prevention (DLP) is a set of tools and processes designed to prevent sensitive data from being lost, stolen, or exposed. While DLP is an important security control, it does not address the issue of unauthorized program installations.

D. Web application firewalls (WAFs) are designed to protect web applications from attacks such as SQL injection, cross-site scripting (XSS), and other common web exploits. While WAFs are useful for securing web applications, they are not relevant to the scenario described in the question.