December 26

If you are a system administrator running a Squid proxy server and you need a tool for securing web access in your company, then use the “whitetrash” plugin for Squid.

Whitelisting is a technique that makes it difficult for malware to use HTTP and SSL.

For example, an attacker sends you malware in the form of an MS Word document attached to an email. You open the attachment and the malware executes. The malware then uses HTTP to download tools from the attacker’s domain and uses these tools to damage your PC. With a whitelist, the download and everything that depends on it is blocked, because the attacker’s domain is not in the whitelist.
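The following added example, which is not Whitetrash's code and not from the original post, shows the whitelist decision described above for both HTTP URLs and SSL CONNECT targets, and counts the domains that were requested but not whitelisted. The request-line layout (modelled on what Squid passes to a redirector helper), the sample domains, the subdomain-matching rule and all function names are assumptions of this example.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample whitelist; these domains are placeholders.
WHITELIST = {"example.com", "intranet.example.org"}
not_whitelisted = Counter()  # domains requested but not whitelisted

def request_domain(url, method):
    """Return the lower-cased host of an HTTP URL or a CONNECT target."""
    if method == "CONNECT":              # SSL: the proxy only sees "host:port"
        host = url.rsplit(":", 1)[0]
    else:
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:               # malformed URL yields no domain
            host = ""
    return host.lower().rstrip(".")

def is_whitelisted(domain, whitelist=WHITELIST):
    """Assumed rule: exact match, or a subdomain of a whitelisted domain."""
    labels = domain.split(".")
    return any(".".join(labels[i:]) in whitelist for i in range(len(labels)))

def decide(line):
    """Decide on one request line laid out as 'URL client user method'."""
    fields = line.split()
    if len(fields) < 4:
        return "block"                   # malformed input fails closed
    url, _client, _user, method = fields[:4]
    domain = request_domain(url, method)
    if domain and is_whitelisted(domain):
        return "allow"
    if domain:
        not_whitelisted[domain] += 1     # feeds a "not whitelisted" report
    return "block"

if __name__ == "__main__":
    # Constructed request lines: one whitelisted site, one download attempt
    # over HTTP and one over SSL to a domain that is not whitelisted.
    for sample in (
        "http://www.example.com/index.html 10.0.0.5/- alice GET",
        "http://download.attacker.test/tool.exe 10.0.0.5/- alice GET",
        "attacker.test:443 10.0.0.5/- alice CONNECT",
    ):
        print(decide(sample), sample.split()[0])
    print(dict(not_whitelisted))
```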

The Goal

The goal of Whitetrash is to provide a user-friendly and sysadmin-friendly proxy that makes it significantly harder for malware to use HTTP and SSL for:

  • initial compromise;
  • data exfiltration;
  • command and control.

Whitetrash features:

  • Provides whitelisting for HTTP and SSL that is friendly to both users and sysadmins, while defending against malware and browser exploits.
  • An HTML-rendered whitelist report that can be viewed by all users. It can also be used to generate static whitelists for popular domains.
  • Fast: no noticeable impact on users browsing URLs already in the whitelist, and adding a new URL is very quick.
  • Secure: As this is a security product, great care has been taken to sanitise input, flow control etc. so that the whitelist cannot be easily circumvented or exploited.
  • Users can delete their own whitelist entries (optional). Admins can delete any whitelist entry.

  • An HTML report that lists all domains requested but not whitelisted – good for tracking down malware/adware and generating static blacklists.
  • Configurable authentication: any sort of authentication can be used. Squid provides plugins for NTLM, basic, and digest but has an extensible interface for other authentication schemes.
  • NEW: A CAPTCHA system has been implemented to prevent malware adding itself to the whitelist. CAPTCHA can be enabled for HTTP, SSL, or both. This is available in the source tree and will be included in the next release.

:D
