
whitelist (allowlist)

What is a whitelist (allowlist)?

A whitelist (allowlist) is a cybersecurity strategy that approves a list of email addresses, IP addresses, domain names or applications, while denying all others. IT administrators use a whitelist as a quick and easy way to help safeguard computers and networks from potentially harmful threats or inappropriate material on local networks or across the internet.

How does a whitelist work?

A whitelist is based on a strict policy set and is managed by an IT administrator. Because anything not on the list is denied by default, an administrator who is certain about the required access permissions only needs to enumerate the components that must be allowed, not the components that should be blocked.

Administrators compile a list of allowed sources, destinations or applications that users require access to, and then the list is applied to a network appliance, desktop or server software, or OSes. Once applied, the network device or server monitors user, device or application requests and allows access to whitelisted services. All other requested services are denied. While the whitelist permits access or communication to specific approved applications or services, denied requests include locations or services that meet the following criteria:

  • are malicious software or code, such as malware, advanced persistent threats or ransomware;
  • contain material that does not comply with company internet usage guidelines;
  • could lead to sensitive material leaking to the public; and
  • inappropriately facilitate the use of shadow IT.

What are some examples of whitelisting?

Email spam filters. These filters are intended to prevent most unsolicited email messages, or spam, from appearing in subscriber inboxes. However, cleverly crafted spam sometimes slips through, while important, relevant emails are blocked. Most email users tolerate the occasional unsolicited email advertisement but are more concerned when important messages are not received. The whitelist option within the spam filtering service puts the power of explicit permits into the mailbox user's hands.

Access control lists. ACLs that are applied to a network router interface can be configured to permit access to individual IP addresses or to blocks of IP addresses. ACLs are processed from the top down, with an implicit "deny any" at the end of the list. This means that each destination IP address is matched against the access list in order; if the address matches no entry, the packet is dropped.
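The top-down, first-match, implicit-deny evaluation described above, as an added example that is not part of the original definition and does not reproduce any vendor's ACL syntax. The `SAMPLE_ACL` entries and the `(action, cidr)` tuple format are constructed for this illustration; the shadowing check is the kind of review a practitioner runs when purging or reordering entries.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample ACL. Entries are evaluated top-down; the first entry
# whose network contains the destination address decides the outcome.
SAMPLE_ACL = [
    ("permit", "10.1.20.0/24"),   # one allowed subnet inside 10.1.0.0/16
    ("deny",   "10.1.0.0/16"),    # the rest of that range is explicitly denied
    ("permit", "192.0.2.10/32"),  # a single allowed host
]

def parse_acl(entries: List[Tuple[str, str]]):
    """Validate entries at load time; a bad action or prefix is a config error."""
    parsed = []
    for action, cidr in entries:
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action {action!r}")
        # strict=True rejects prefixes with host bits set, e.g. 10.1.20.5/24
        parsed.append((action, ipaddress.ip_network(cidr, strict=True)))
    return parsed

def evaluate(acl, dst_ip: str) -> Tuple[str, str]:
    """Return (decision, reason). No match means the implicit 'deny any'."""
    addr = ipaddress.ip_address(dst_ip)
    for action, net in acl:
        if addr.version == net.version and addr in net:
            return action, f"matched {action} {net}"
    return "deny", "implicit deny any"

def shadowed_entries(acl) -> List[int]:
    """Indexes of entries that can never match because an earlier entry
    already covers their whole network. In a top-down ACL these are dead
    rules, usually the result of a broad entry placed above a specific one."""
    dead = []
    for j, (_, net_j) in enumerate(acl):
        for _, net_i in acl[:j]:
            if net_i.version == net_j.version and net_i.supernet_of(net_j):
                dead.append(j)
                break
    return dead

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    for ip in ("10.1.20.5", "10.1.30.5", "192.0.2.10", "203.0.113.7"):
        print(ip, evaluate(acl, ip))
    # Swapping the first two entries makes the /24 permit unreachable.
    print("shadowed:", shadowed_entries(parse_acl([SAMPLE_ACL[1], SAMPLE_ACL[0]])))
```

Running the module prints the decision and matching entry for each sample address, and reports index 1 as shadowed for the misordered list.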

What does it mean to be put on a whitelist?

Often, a user or department requests access to a specific approved application or to a remote server or service not accessible from corporate devices or the corporate network. When a destination or application is put on a whitelist, it is considered safe, and access to the remote destination, application or service is granted.

Whitelist vs. blacklist (blocklist)

While a whitelist is a list of applications or services that are explicitly permitted, blacklisted or blocklisted applications or services are explicitly denied. There are situations in which maintaining a blacklist rather than a whitelist is preferred. For example, if the number of items, locations or applications that need to be permitted is greater than the number that need to be blocked, it is easier to set up a blacklist. Content filters and antimalware applications tend to favor blacklists for this reason.

Whitelisting best practices

The following are some best practices for maintaining and implementing whitelists:

  • document and categorize all whitelisted objects;
  • be as specific as possible when creating a whitelist object;
  • perform whitelist reviews to add or purge apps or services, and keep the list up to date; and
  • apply whitelists efficiently by placing users into access groups and applying specific whitelists to each group based on job function.

TechTarget is responding to readers' concerns as well as profound cultural changes when it comes to certain commonly used but potentially linguistically biased terms. In some cases, we are defaulting to industry-standard terminology that may be seen as linguistically biased in instances where we have not found a replacement term. However, we are actively seeking out and giving preference to terms that properly convey meaning and intent without the potential to perpetuate negative stereotypes.

This was last updated in December 2021
