Whitelisting is a cybersecurity strategy that only allows an approved list of applications, programs, websites, IP addresses, email addresses, or IP domains, to run in a protected computer or network. Users can only access applications or take actions with explicit approval by the administrator. Anything outside of the list is denied access.
Cybercrime networks and hackers can exploit the vulnerabilities of an application or website—and once they take control of the system, they can use that application or website to launch cyberattacks. Whitelisting is a preventive measure to protect an organization’s sensitive corporate data by only permitting traffic from known IP addresses or ranges.
How is whitelisting different from blacklisting?
While whitelisting allows users only authorized applications or websites, blacklisting actively identifies software programs that pose security threats, denying them access to the protected computer. For example, antivirus or anti-malware software detects malware, viruses, worms, or any malicious codes, whether old or recently discovered, then blacklists, or blocks, them from accessing a computer or network.
Whitelisting enhances security as no unapproved applications, programs, or actions considered as potential threats are permitted. In other words, everything is considered a threat save those users who are explicitly named and allowed permissions.
What are the types of whitelisting?
Here are the three common types of whitelisting that organizations use:
Application: Only selected applications are allowed to run on the company’s protected computer devices and networks.
Email: list of approved email addresses saves time checking the spam folder for emails from clients and business partners by only allowing permitted senders or domains into the Inbox. Email whitelisting also reduces instances of phishing, scamming, and bogus emails designed to steal sensitive information.
IP address/IP domain: An administrator can whitelist IP addresses and IP domains, limiting user access to websites and applications.
What are the advantages and disadvantages of whitelisting?
Whitelisting helps improve an organization’s cybersecurity posture since it denies access to anything not included in the list. Malware payloads like keyloggers are less likely to infiltrate the system through approved applications, emails, or IP addresses. Additionally, whitelisting prevents insiders from installing programs to a protected computer and infecting the network with malicious codes or worms.
However, whitelisting imposes restrictions on the users, limiting the actions they can perform which can cause inconvenience for the user, and additional service requests to IT when access to an app, domain, or user falls outside the established limits of the whitelisting policy. But given the seriousness of the cybersecurity threats, whitelisting can be the first line of defense against cyberattacks.
Another drawback of whitelisting is the amount of effort that must be expended by IT and security teams to establish and maintain the lists. The sites, applications, or programs on the whitelist must be carefully considered and regularly updated. Whitelisting often involves customizing an application’s settings, along with verifying the software vendor’s security policies to ensure that the application contains no malicious code.
What are examples of whitelisting software?
Windows 10 and macOS have built-in whitelisting functionality. For mobile devices, iOS and Android app stores whitelist applications certified as safe for use. Third-party vendors offer more granular controls.
- AppLocker — Microsoft’s whitelisting application built for enterprise OS editions
- Kaspersky Whitelist — Features a collaborative hosting service
- PolicyPak — Helps protect on-premise and remote computers
- PowerBroker — A popular whitelisting tool for Windows, Linux, and macOS
- Centrify Server Suite — Highlights the principle of zero-trust
- Defendpoint — Emphasizes enterprise network and endpoint security
Whitelisting is not a foolproof cybersecurity strategy. Determined cybercriminals can still hack their way into your data through approved applications. But it can be of help as a core deterrent strategy to cybersecurity threats and ransomware attacks.