Digitaleclub

Whitelisting explained: How it works and where it fits in a security program

Whitelist meaning and definition

Whitelisting is a cybersecurity strategy under which a user can only take actions on their computer that an administrator has explicitly allowed in advance. Instead of trying to keep one step ahead of cyberattackers to identify and block malicious code, IT staff compile a list of approved applications that a computer or mobile device can access. In essence, the user has access to only a limited set of functionality, and what they can access has been deemed safe by the administrator.

Whitelisting is a fairly extreme lockdown measure that, if implemented properly, can keep many cybersecurity problems at bay. However, it can be quite inconvenient and frustrating for end-users, requires careful implementation and proper ongoing administration, and isn’t a foolproof barrier to attacks.

Whitelist vs. blacklist

A blacklist is a slightly more familiar concept — a list of things that are dangerous and need to be blocked from the machines you’re trying to protect. Many antivirus and anti-malware programs are, essentially, blacklists: they include a list of known malicious code, and automatically leap into action when those programs are detected on the protected computer. Blacklists have a fairly obvious disadvantage in that they need to be constantly updated to stay ahead of the latest attacks. By definition, antivirus software can’t protect you against a zero-day attack.

A whitelist is the inversion of a blacklist. If you’ve implemented a whitelist, you’ve essentially blacklisted everything out there in the universe except the stuff that’s on your list. At first blush, this seems to make security a snap: you don’t have to worry about new malicious code emerging as a threat to your infrastructure because the only things your machines can access are things you already know are safe.

But there are drawbacks to whitelisting too that should be pretty obvious. For one thing, it restricts the users’ freedom to use their machines the way they want (and generally people think of their work computers as “their” machines, since they sit in front of them eight hours a day). There’s also quite a bit of work that needs to be put into building a whitelist; after all, while a blacklist of known malware and attack sites can be put together by a vendor for widespread use, every organization’s whitelist of the programs they need to use will probably be unique. And there are of course ways that wily attackers can “put themselves on the list.”
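The contrast above as an added example, not code from the original article: a default-allow blacklist and a default-deny whitelist judge the same four constructed samples. Matching entries by SHA-256 hash is an assumption made here (the article does not say how list entries are identified), and all sample names and contents are constructed.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed samples: byte strings stand in for the contents of program files.
SAMPLES = {
    "editor-1.0": b"approved editor build 1.0",
    "editor-1.1": b"approved editor build 1.1 (vendor update)",
    "known-malware": b"sample already catalogued by the AV vendor",
    "novel-malware": b"sample no vendor has seen yet",
}

# Blacklist: hashes of known-bad code, typically supplied by a vendor.
BLACKLIST = {sha256(SAMPLES["known-malware"])}
# Whitelist: hashes the administrator has explicitly approved in advance.
WHITELIST = {sha256(SAMPLES["editor-1.0"])}

def blacklist_allows(data: bytes) -> bool:
    """Default allow: run anything that is not known to be bad."""
    return sha256(data) not in BLACKLIST

def whitelist_allows(data: bytes) -> bool:
    """Default deny: run only what is on the approved list."""
    return sha256(data) in WHITELIST

def compare() -> dict:
    """Map each sample name to (blacklist verdict, whitelist verdict)."""
    return {name: (blacklist_allows(data), whitelist_allows(data))
            for name, data in SAMPLES.items()}

def approve(data: bytes) -> None:
    """Administrative step: add a reviewed binary to the whitelist."""
    WHITELIST.add(sha256(data))

if __name__ == "__main__":
    for name, (bl, wl) in compare().items():
        print(f"{name:14} blacklist={'run' if bl else 'block':5} "
              f"whitelist={'run' if wl else 'block'}")
```

The unseen sample runs under the blacklist and is blocked by the whitelist, but so is the legitimate 1.1 update until an administrator approves it, which is the ongoing administration cost the article describes.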

Application whitelisting

In general, the kind of whitelisting we’ve been talking about so far is application whitelisting — that is, only allowing a certain set of applications to run on the protected computer. (The term has a somewhat different meaning when it comes to email or IP addresses, which we’ll discuss at the end of the article.) The National Institute of Standards and Technology (NIST) has a guide to application whitelisting, and while it’s a few years old at this point, it’s still a great introduction to the topic. It goes into great depth on a number of topics; we’ll touch on the basics here.
