To address the inherent trust problems with these two mechanisms, administrators can create a text file (called a whitelist) that lists trusted PCS and/or PPS Appliances by fully qualified domain name (FQDN) or IP address, one per line. Administrators can configure two types of whitelists:
- Admin whitelist - The admin whitelist file can be modified only by the endpoint administrator. The administrator must use SMS or another mechanism to copy the admin whitelist file to the end-user's system. Admin whitelist files are located in:
- User whitelist - Users can themselves make the decision to trust a PCS Appliance. When the user makes a decision to trust a PCS Appliance, the PCS Appliance is added to the user whitelist. User whitelist files are located in:
/~/Library/Application Support/Juniper Networks/whitelist.txt
If the first line of the whitelist file contains AllowAdminListOnly (case insensitive), then the Allow Admin List Only enforcement mode is used. Otherwise, the prompt mode enforcement is used. An excerpt of a whitelist file using Allow Admin List Only enforcement is shown here:
To add clusters to the whitelist file:
- For Active/Passive clusters enter the VIP in the whitelist (if using IP-based access to the cluster); otherwise, use the FQDN.
- For Active/Active clusters enter the load balancer hostname in the whitelist.
Note: The trusted server list feature is for applications launched from a browser window; it does not apply to applications launched from the command-line or other means. Prompt enforcement is the default mode when upgrading the PCS Series software to 6.5 (and later).
This procedure outlines the process for determining whether to launch the software:
- If the URL of the page initiating the launch does not begin with HTTPS, abort the launch and notify the user.
- Else if the admin whitelist exists:
  - If the origin site is listed in the whitelist, proceed with the launch.
  - If the origin site is not in the whitelist and the whitelist starts with "AllowAdminListOnly", abort the launch and notify the user.
- Else if the user whitelist exists:
  - If the origin site is in the user whitelist, proceed with the launch.
- Prompt the user if they trust the origin site.
  - If the user agrees to trust the origin:
    - If they select Always, add the server to the user whitelist file.
    - Proceed with the launch.
  - Abort the launch.
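The whitelist format and the launch decision above, worked through as an added Python example (this is illustrative code, not Pulse Secure's or Juniper's client implementation). It assumes the whitelist contents are handed in as strings (a missing file is `None`), that host names are compared case-insensitively, that the user prompt is a callback returning `"always"`, `"yes"` or `"no"`, and that when the admin whitelist is in prompt mode and does not list the origin, the decision falls through to the user whitelist and then the prompt; those choices are this example's, not stated by the page.

```python
"""Trusted-server whitelist parsing and launch decision (added example).

Assumptions (not from the original page): whitelist files are passed in as
text, the prompt is a callback returning "always" / "yes" / "no", and a
prompt-mode admin whitelist that does not list the origin falls through to
the user whitelist and then to the prompt.
"""
from typing import Callable, Optional, Set, Tuple
from urllib.parse import urlsplit

ALLOW_ADMIN_LIST_ONLY = "allowadminlistonly"  # matched case-insensitively
LAUNCH, ABORT = "launch", "abort"


def parse_whitelist(text: Optional[str]) -> Optional[Tuple[bool, Set[str]]]:
    """Parse a whitelist file: one FQDN or IP per line.

    Returns None when the file does not exist, otherwise (admin_only, hosts).
    admin_only is True when the first line is AllowAdminListOnly, in which
    case that line is not a host entry.
    """
    if text is None:
        return None
    lines = [ln.strip() for ln in text.splitlines()]
    admin_only = bool(lines) and lines[0].lower() == ALLOW_ADMIN_LIST_ONLY
    entries = lines[1:] if admin_only else lines
    hosts = {ln.lower() for ln in entries if ln}
    return admin_only, hosts


def add_to_user_whitelist(user_text: Optional[str], host: str) -> str:
    """Append a host to the user whitelist text, creating the file if absent."""
    if user_text is None:
        return host + "\n"
    if not user_text.endswith("\n"):
        user_text += "\n"
    return user_text + host + "\n"


def decide_launch(
    origin_url: str,
    admin_text: Optional[str],
    user_text: Optional[str],
    prompt: Callable[[str], str],
) -> Tuple[str, str, Optional[str]]:
    """Apply the launch procedure to a browser-page origin URL.

    Returns (decision, reason, updated_user_whitelist_text). The reason is
    the message that would be shown to the user on abort.
    """
    parts = urlsplit(origin_url)
    # Step 1: a non-HTTPS origin is rejected before any list is consulted.
    if parts.scheme.lower() != "https":
        return ABORT, "origin page is not HTTPS", user_text
    host = (parts.hostname or "").lower()

    # Step 2: admin whitelist, if present.
    admin = parse_whitelist(admin_text)
    if admin is not None:
        admin_only, admin_hosts = admin
        if host in admin_hosts:
            return LAUNCH, "origin in admin whitelist", user_text
        if admin_only:
            return ABORT, "AllowAdminListOnly: origin not in admin whitelist", user_text

    # Step 3: user whitelist, if present (assumed reachable in prompt mode too).
    user = parse_whitelist(user_text)
    if user is not None and host in user[1]:
        return LAUNCH, "origin in user whitelist", user_text

    # Step 4: ask the user; "always" persists the host to the user whitelist.
    answer = prompt(host).strip().lower()
    if answer in ("always", "yes"):
        if answer == "always":
            user_text = add_to_user_whitelist(user_text, host)
        return LAUNCH, "user trusted origin", user_text
    return ABORT, "user declined to trust origin", user_text


if __name__ == "__main__":
    # Constructed sample admin whitelist in Allow Admin List Only mode.
    admin_list = "AllowAdminListOnly\nvpn.example.com\n10.0.0.5\n"
    for url in ("http://vpn.example.com/", "https://vpn.example.com/",
                "https://attacker.example.net/"):
        print(url, "->", decide_launch(url, admin_list, None, lambda h: "no")[:2])
```

Because the host is taken from the page origin rather than from a user-supplied string, a lookalike hostname only matches if it is literally present in one of the lists; the `reason` string is what a client would surface when notifying the user of an abort.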