A whitelist (allowlist) is a cybersecurity strategy that approves a list of email addresses, IP addresses, domain names or applications, while denying all others. IT administrators use a whitelist as a quick and easy way to help safeguard computers and networks from potentially harmful threats or inappropriate material on local networks or across the internet.
A whitelist is based on a strict policy set and is managed by an IT administrator. When the administrator is certain about access permissions, using a whitelist does not require an additional understanding of components that are not allowed since these are denied by default.
Administrators compile a list of allowed sources, destinations or applications that users require access to, and then the list is applied to a network appliance, desktop or server software, or OSes. Once applied, the network device or server monitors user, device or application requests and allows access to whitelisted services. All other requested services are denied. While the whitelist permits access or communication to specific approved applications or services, denied requests include locations or services that meet the following criteria:
Email spam filters. These filters are intended to prevent most unsolicited email messages, or spam, from appearing in subscriber inboxes. However, cleverly crafted spam sometimes slips through, while important, relevant emails are blocked. Most email users tolerate the occasional unsolicited email advertisement but are more concerned when important messages are not received. The whitelist option within the spam filtering service puts the power of explicit permits into the mailbox user's hands.
Access control lists. ACLs that are applied to a network router interface can be configured to permit access to individual or blocks of IP addresses. ACLs are processed from the top down with an implicit deny any at the end of the list. This means that destination IP addresses are matched with the access list, and if the IP address is not contained in the list, the packet is dropped.
Often, a user or department requests access to a specific approved application or to a remote server or service not accessible from corporate devices or the corporate network. When a destination or application is put on a whitelist, it is considered safe, and access to the remote destination, application or service is granted.
While a whitelist is a list of applications or services that are explicitly permitted, blacklisted or blocklisted applications or services are explicitly denied. There are situations in which maintaining a blacklist rather than a whitelist is preferred. For example, if the number of items, locations or applications that need to be permitted are greater than those that need to be blocked, it is easier to set up a blacklist. Content filters and antimalware applications tend to favor the use of blacklists for this reason.
The following are some best practices for maintaining and implementing whitelists:
TechTarget is responding to readers' concerns as well as profound cultural changes when it comes to certain commonly used but potentially linguistically biased terms. In some cases, we are defaulting to industry-standard terminology that may be seen as linguistically biased in instances where we have not found a replacement term. However, we are actively seeking out and giving preference to terms that properly convey meaning and intent without the potential to perpetuate negative stereotypes.
09 Dec 2021