Whitelisting vs Blacklisting: What’s the difference?
Alesha Chapman
Whitelisting and Blacklisting are two main approaches to protecting your network from dangerous downloads and both are effective tools in a comprehensive IT Security strategy. Depending on who you ask, you will hear a preference for one, but IT specialists are often torn when they must choose between the two for maximum security for an organization. We will look at both whitelisting and blacklisting, their pros and cons, so that you can decide which is the best fit for you.
Before we delve too deeply into the IT jargon, let’s first start with an analogy to see how whitelisting, blacklisting, and, yep, you guessed it, graylisting work. Many office buildings station a security guard at their entrance to ensure that only employees with a valid ID are allowed inside. A person walks in, either shows or scans their ID, and they are let inside. This is whitelisting. Everyone coming inside is validated against an existing list of approved people.
In the same vein, there may be employees who have been fired or even people who have been put on a banned list. These people will be denied entry. This is blacklisting. Bad guys and people that might be dangerous are put on a list and denied entry.
But what about that guy who delivers sandwiches or the woman coming for a job interview? These people fall into the graylist. As they are on neither the approved list nor the banned list, the security guard will then make a decision about the person’s entry based upon the authenticity of the person’s credentials or reason for entry.
So how does this translate into IT security?
Blacklisting
Blacklisting is the practice of blocking potentially unwanted or malicious software and other entities on your computer or network. You can also blacklist programs, websites, e-mails, and IP addresses. For example, a blacklist for emails would consist of IP addresses that are believed to send spam or phishing scams, and emails from these addresses are either blocked or routed to your spam folder.
One of the pros of blacklisting is its simplicity. Admins or your organization’s IT team can easily block known malicious software and run everything else. Users have access to all that they need, which reduces both the number of tickets put in and the number of essential programs being blocked. Blacklisting is a more relaxed approach to application control.
However, due to the rise of malware and other bad actors, simply blacklisting may not be enough for full IT Security. With new viruses and malware being produced every day, it is almost impossible for an admin to keep a comprehensive and up-to-date list of malicious applications. Additionally, it may not cover your organization against targeted attacks.
Whitelisting
Whitelisting is the opposite of blacklisting. This is the practice of allowing trusted applications, websites, e-mails and/or IP addresses on your PC or network. Whitelisting is considered to be more secure than mere blacklisting protocols. Whitelisting only allows a limited number of applications to run, effectively minimizing the attack surface. In other words, the fewer applications allowed to run, the less opportunity for an attack. Furthermore, building a list of trusted applications is easier as the number of trusted applications would be definitely lower in comparison to the number of distrusted applications. Businesses that must conform to strict regulatory compliance, such as healthcare organizations, benefit from whitelisting.
As expedient as whitelists can be, there are also drawbacks. Building a list of trusted applications and emails may seem easy enough, but one inadvertent move and suddenly you’re inundated with requests for access to applications from your team, and the inability to access certain essential apps could slow down work. This means that sometimes administrators create overly vague whitelisting rules, and this can put networks in jeopardy. Another disadvantage to whitelisting is that, while blacklisting can be fully automated to an extent by using antivirus software, whitelisting needs human intervention to work well.
Whitelisting is considered “better” as it is assumed that everything is blocked (blacklisted) until it is proven that it is not harmful and then it is whitelisted. Whitelisting is seen as the more “secure” approach.
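The difference between the two defaults, the graylist outcome from the guard analogy, and the effect of an overly vague whitelist rule can be seen in a short policy check. This is an added example, not code from the original post; the paths, list contents and function names are constructed for illustration.

```python
import fnmatch

# Constructed sample lists; every path and name here is an illustrative assumption.
BLACKLIST = ["*/cryptominer.exe", "*/keylogger.exe"]
STRICT_WHITELIST = ["C:/Program Files/Office/winword.exe",
                    "C:/Program Files/Browser/browser.exe"]
# Same list plus one overly vague rule added to stop access requests.
VAGUE_WHITELIST = STRICT_WHITELIST + ["C:/Users/*"]


def matches(path, patterns):
    """True if path matches any pattern (case-insensitive glob)."""
    return any(fnmatch.fnmatchcase(path.lower(), p.lower()) for p in patterns)


def blacklist_mode(path, blacklist):
    """Default-allow: block only what is known bad, run everything else."""
    return "block" if matches(path, blacklist) else "allow"


def whitelist_mode(path, whitelist):
    """Default-deny: allow only what is known good, block everything else."""
    return "allow" if matches(path, whitelist) else "block"


def combined_mode(path, blacklist, whitelist):
    """Blacklist wins, then whitelist; anything on neither list is graylisted."""
    if matches(path, blacklist):
        return "block"
    if matches(path, whitelist):
        return "allow"
    return "review"  # the guard decides, as in the analogy


def broad_rules(whitelist):
    """Flag whitelist entries with wildcards, which admit files nobody vetted."""
    return [p for p in whitelist if any(c in p for c in "*?[")]


if __name__ == "__main__":
    unknown = "C:/Users/bob/Downloads/new_tool.exe"  # on neither list
    print("blacklist only  :", blacklist_mode(unknown, BLACKLIST))
    print("strict whitelist:", whitelist_mode(unknown, STRICT_WHITELIST))
    print("vague whitelist :", whitelist_mode(unknown, VAGUE_WHITELIST))
    print("combined        :", combined_mode(unknown, BLACKLIST, STRICT_WHITELIST))
    print("rules to tighten:", broad_rules(VAGUE_WHITELIST))
```

The unknown program runs under the blacklist and under the vague whitelist, but is blocked by the strict whitelist and sent for review by the combined policy.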
pim recommends a pragmatic approach that utilizes the best of both blacklisting and whitelisting. White/Blacklisting can be accomplished through our Sophos platform. This spans the Sophos Firewalls, the Sophos MTR Advanced Endpoints installed on desktops, laptops, MacBooks, and some tablets (Microsoft Surface), and Sophos wireless access points as well.