WhitewallManager is a whitelist manager. It aims to be a web based administration tool for administrators using a default-deny approach to the security of the network they are responsible for.
Default-deny is a superior model for network security as compared to default-allow, which is how the security model of most local area networks is modeled. Default-deny disallows all but access granted to resources which you specifically allow.
The advantage to this is that any new resources which turn out to be bad are blocked by default.
Default allow disallows nothing and bad things are blocked as they are discovered. This means that you are exposed to any bad things which you don't know about.
The reason most networks are modeled on default-allow is that default-deny is hard to manage.
What WhitewallManager aims to accomplish is to make default-deny and whitelists manageable with a sensible and efficient work flow. Currently it's a nightmare to manage a default-deny network.
- Manage Squid whitelists
- - Retrieves page from URL and extracts all domains linked within document on failed access attempt
- - Cross references domains extracted from HTML against blacklists to highlight known bad/questionable domains
- - Displays blacklist hits,and the blacklists in which the hit occurred
- - Allows administrator to add selected domains to whitelist
- - Sends email to administrator when user requests site add
- - On proxy deny page allows user to request domain be added to whitelist
- - Shell script to download and update blacklists efficiently
- - Hybrid approach, default-deny whitelist goodness with the intel that blacklists provide
- - Difficult to accidentally whitelist known malware, virus, spyware serving domains
- - ArchLinux file layout currently supported
- - Implement administrator login
- - Build packages for red hat/fedora/centos, gentoo, ubuntu, debian, (insert distro)
- - Streamline httpd setup to be simple with conf files that can be dropped in /etc/httpd/conf.d
- - Implement proxy user/group management
- - Implement blacklist manager and download interface
- - Implement whitelist manual manager
- - Set up proxy auto-configure via DHCP (and whatever else we need to)
- - Implement LAN Local DNS Zone manager/DNS Caching admin page
- - Implement LAN DHCP Manager (MAC Whitelisting Workflow/Interface)
- - Implement HTTPD host management
- - Implement iptables firewall rules interface/generation to simplify router/iptables whitelist setup
- - Find hosting for WhiteWall VM download.
- - Fix the security issues with the code (mostly shell escape, XSS)
- - Create version to manage tinyproxy. I wrote a tinyproxy source patch already ;)
- - Implement system setup script to set up services in whitelist mode
- - Implement SELinux management workflow/interface
- - Do it all so a non computer user can make it work.
Be the first to post a review of WhitewallManager!