One of the techniques for mitigating the risk of application vulnerabilities is restricting what types of applications can be executed on your network. Windows Active Directory includes tools in Group Policy that can restrict application use. You can "whitelist" applications, meaning only the applications you approve can be run, or you can blacklist applications, meaning any application can be run except those you explicitly disallow. There is a third option, where you restrict applications based on whether the application carries a trusted digital signature (more on certificates and trust later…).
Which of these methods do you think is most appropriate? In your discussions, stay cognizant of the C-I-A triad (confidentiality, integrity, availability) in IT security… We frequently forget how important availability is, and in our efforts to protect our networks we may end up disallowing applications that people need. Discuss this balance in different kinds of organizations, and where each of these techniques might be appropriate.
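To make the three approaches concrete, here is an added example (not part of the original prompt) that builds a single AppLocker policy for Windows containing a publisher (signature) allow rule, a path-based deny rule, and an explicit path allow rule, then uses Test-AppLockerPolicy to confirm a required program would still be allowed before the policy is enforced. The publisher name, file paths, and user are placeholders for your own environment.

```powershell
# Added example: one AppLocker policy showing all three techniques from the text.
# Assumes a Windows host with the AppLocker PowerShell module; values are placeholders.
Import-Module AppLocker

# EnforcementMode="AuditOnly" logs what *would* be blocked without blocking it,
# which is the safest way to check the availability impact before switching to "Enabled".
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <!-- Signature-based trust: allow anything signed by one approved publisher (placeholder name) -->
    <FilePublisherRule Id="$([guid]::NewGuid())" Name="Allow approved publisher" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=EXAMPLE VENDOR, L=ANYTOWN, S=STATE, C=US" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <!-- Whitelist by path: allow the standard Windows folder (Everyone = S-1-1-0) -->
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Windows folder" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\*" />
      </Conditions>
    </FilePathRule>
    <!-- Blacklist by path: deny execution from user Downloads folders; Deny always wins over Allow -->
    <FilePathRule Id="$([guid]::NewGuid())" Name="Deny Downloads" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%OSDRIVE%\Users\*\Downloads\*" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@

$policyPath = Join-Path $env:TEMP 'applocker-example.xml'
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# Availability check: would the programs users rely on still run under this policy?
# Anything that comes back Denied or DeniedByDefault needs a rule before enforcement.
$requiredApps = @("$env:WINDIR\System32\notepad.exe",          # covered by the Windows folder allow rule
                  "$env:ProgramFiles\ExampleVendor\app.exe")   # placeholder path for a line-of-business app
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $requiredApps -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule

# When the audit results look right, apply to a GPO (placeholder DN) and merge with existing rules:
# Set-AppLockerPolicy -XmlPolicy $policyPath -Ldap 'LDAP://DC01.example.local/CN={GPO-GUID},CN=Policies,CN=System,DC=example,DC=local' -Merge
```

Running the test against a real list of business-critical executables, and reviewing the AppLocker audit event log for a few weeks before switching to Enabled, is how the availability side of the C-I-A balance gets measured rather than guessed.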