Whitetrash is a user-friendly and sysadmin-friendly proxy that makes it significantly harder for malware to use HTTP and SSL for:
- initial compromise;
- data exfiltration; and
- command and control.
Here are some key features of "Whitetrash":
· Provides whitelisting for HTTP and SSL that is good for both users and sysadmins, but defends against malware and browser exploits.
· An HTML-rendered whitelist report that can be viewed by all users. Can also be used to generate static whitelists for popular domains.
· Fast: no noticeable impact on users browsing URLs already in the whitelist, and adding a new URL is very quick.
· Secure: As this is a security product, great care has been taken with input sanitisation, flow control, etc. so that the whitelist cannot be easily circumvented or exploited.
· Users can delete their own whitelist entries (optional). Admins can delete any whitelist entry.
· An HTML report that lists all domains requested but not whitelisted - good for tracking down malware/adware and generating static blacklists.
· Configurable authentication: any sort of authentication can be used. Squid provides plugins for NTLM, basic, and digest but has an extensible interface for other authentication schemes.
What's New in This Release:
· Integration with the Google Safe Browsing API, so that URLs are checked against the Google malware and phishing blacklists. Blacklisted domains cannot be whitelisted by normal users.
· Improved authentication using the Django web framework. Adding new authentication methods is simple. LDAP support means user passwords and permissions can be centrally managed, with simple integration with Windows domain controllers and OpenLDAP servers.
· Authentication can be disabled, which, when used in conjunction with the CAPTCHA system, provides most of the security benefits without the overhead of user management.
· A CAPTCHA system has been implemented to prevent malware adding itself to the whitelist. CAPTCHA can be enabled for HTTP, SSL, or both.
· A Django-based admin interface that allows admins to manage users and whitelist entries.
· Memcached support to reduce the load on the database and allow for scaling to very large enterprises. Memcached is used by sites such as Slashdot, LiveJournal, and SourceForge.
· SSL certificate generation. Improvements to the Firefox security model have rendered the previous approach to displaying the Whitetrash form for SSL requests unusable. Whitetrash now creates its own certificate authority, which is used to display the form for new SSL domains. SSL sessions to whitelisted domains are simply proxied.
· Learning mode. Whitetrash can be placed in a learning mode where all domains requested are added to the whitelist. Once the list has been reviewed, whitelisting by users can begin with a baseline of popular domains pre-whitelisted.
· A Firefox plugin has been developed, similar in style to the NoScript plugin, that gives users the ability to quickly whitelist domains. This is useful for page elements that do not display the Whitetrash form, such as images and video provided by content-delivery-network domains.