A whitelist or blacklist is a positive or negative list that can be used to protect systems in the IT environment. Whitelists and blacklists pursue opposing strategies and are used in a wide variety of areas.
What are a whitelist and a blacklist?
In the IT environment, the terms whitelist and blacklist often come up. These are positive and negative lists that can be used to protect IT systems from threats or unwanted actions.
White and black lists have exactly opposite approaches. Depending on the area of application, either the use of a blacklist or a whitelist may make more sense. Possible application areas in the IT environment include rules for firewalls, spam protection, virus protection, or allowing and prohibiting visits to certain websites.
The whitelist approach
A whitelist follows the approach that everything not explicitly entered in the list is forbidden. Accordingly, the whitelist contains only the desired and trusted entries. The entries in the list thus represent the exceptions to the general prohibition rule. For example, the list can name persons, websites, or e-mail addresses with which communication is permitted, or programs whose execution is permitted.
If the entry is missing, any communication or interaction is prohibited. The whitelist enables central control of which interactions are permitted for IT users or IT systems. However, it is necessary to know and define exactly which interactions are allowed. Unknown applications or targets cannot be entered into the list and are subject to the general prohibition rule.
The blacklist approach
With a blacklist, everything that is not found in the list is allowed. The blacklist is a negative list that names the targets, programs, or addresses that are not trustworthy or not allowed. Thanks to the negative list, it is possible to specifically ban individual applications or communication targets.
Areas of application and examples
In the IT environment, whitelists and blacklists are used in a wide variety of areas. For example, firewalls are often configured using a whitelist. Only the communication targets that an administrator has previously entered in the list can communicate across the firewall; all other connection requests are prevented. A whitelist can also help with endpoint protection by allowing only those applications listed in the whitelist to be executed on the endpoint.
Another area of application is the protection of minors. Internet access can be configured via a positive list so that only the destinations on the list can be accessed by certain users. E-mail systems can also be controlled via a positive list. Only e-mail messages from trusted senders on the list are received.
The weaknesses of the whitelist
A whitelist can lead to high maintenance costs. Since everything that is not entered in the list is prohibited, the list must be constantly updated with new destinations, applications, or contacts. Only when the list has been updated can the user reach the new targets or run the new applications. Often, whitelisting in companies requires automatic procedures that take over the constant list maintenance and relieve the administrators.
The weaknesses of the blacklist
A blacklist can only provide reliable protection if the malicious or untrusted applications and communication targets are known and entered into the list. Threats are not prevented until the blacklist has been updated.
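The two approaches and their weaknesses, shown side by side in an added example that is not part of the original article: the same constructed connection requests are evaluated against a whitelist (default deny) and a blacklist (default allow). The function names and the addresses (taken from the documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample lists (documentation address ranges, not real hosts).
WHITELIST = ["192.0.2.0/24", "198.51.100.10/32"]   # trusted destinations
BLACKLIST = ["203.0.113.0/24"]                     # known-bad destinations


def _in_list(dest, entries):
    """True if the destination IP falls inside any listed network."""
    ip = ipaddress.ip_address(dest)
    return any(ip in ipaddress.ip_network(e) for e in entries)


def whitelist_decision(dest, allowed=WHITELIST):
    """Default deny: only destinations entered in the list pass."""
    return "allow" if _in_list(dest, allowed) else "deny"


def blacklist_decision(dest, blocked=BLACKLIST):
    """Default allow: only destinations entered in the list are blocked."""
    return "deny" if _in_list(dest, blocked) else "allow"


def compare(destinations):
    """Return (dest, whitelist verdict, blacklist verdict) per destination."""
    return [(d, whitelist_decision(d), blacklist_decision(d))
            for d in destinations]


if __name__ == "__main__":
    # Constructed requests: trusted, known-bad, and two unknown destinations.
    requests = ["192.0.2.44", "203.0.113.7", "198.51.100.99", "2001:db8::1"]
    for dest, wl, bl in compare(requests):
        # The lists only disagree on destinations neither of them knows.
        note = "  <- unknown to both lists" if wl != bl else ""
        print(f"{dest:15} whitelist={wl:5} blacklist={bl:5}{note}")
```

The unknown destinations are where the weaknesses show: the whitelist blocks them until an administrator adds an entry, and the blacklist lets them through until it has been updated.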