Sheep dip (computing)

In IT security, a sheep-dip is the process of using a dedicated device to test inbound files on removable media for viruses before they are allowed to be used with other computers.[1]

The name sheep-dip is derived from a method of preventing the spread of parasites in a flock of sheep by dipping the new animals that farmers are adding to the flock in a trough of pesticide.[1] The term has been applied to IT security since at least the early 1990s, though footbath was also used at the time.[2] A sheep-dip system can be considered a special case of a sandbox, used to test for malware.

This sheep-dip protocol is a normal first line of defense against viruses in high-security computing environments, as it preemptively prevent the spread of viruses brought by new devices.[3] IT security specialists are expected to be familiar with the concept.[4]

The process was originally developed in response to the problem of boot sector viruses on floppy disks. Subsequently, its scope has been expanded to include USB flash drives, portable hard discs, memory cards, CD-ROMs and other removable devices, all of which can potentially carry malware.

  1. ^ a b Webopedia definition of term "sheep-dip" Retrieved on 11 April 2013.
  2. ^ Solomon, Alan; Kay, Tim (1994). Dr Solomon's PC anti-virus book. New-Tech. ISBN 9780750616140. Retrieved 8 April 2019.
  3. ^ Build Your Own Security Lab: A Field Guide for Network Testing (Page 269) ISBN 978-0470179864
  4. ^ Certified Ethical Hacker Course Overview (Lesson 9) Retrieved on 11 April 2013. Archived 5 May 2013 at the Wayback Machine