Whitelisting
Data Protection
Definition
Allowing pre-approved applications/entities system access.
Technical Details
Whitelisting is a security model that allows only pre-approved applications, processes, or entities to execute or access system resources. This involves maintaining a list of trusted software or IP addresses that are permitted to run on the system, while all other software or addresses are blocked by default. Whitelisting can be implemented at various layers, including network, application, and endpoint security. It requires maintaining the whitelist through regular updates and audits to ensure that only legitimate and necessary applications are allowed access, thus minimizing the attack surface and reducing the risk of malware and unauthorized access.
Practical Usage
In real-world applications, whitelisting is commonly used in corporate environments to enhance security by controlling which applications can run on employee devices. For instance, organizations may deploy application whitelisting solutions that prevent users from installing unauthorized software, thereby reducing the risk of exposure to malware. Additionally, network whitelisting can be used to restrict access to sensitive data or applications by only allowing connections from specific IP addresses or domains, which is especially useful in cloud environments and for remote access solutions.
Examples
- A company uses application whitelisting software to ensure that only approved versions of antivirus and productivity software can be installed on employee computers, preventing malware installations.
- An organization maintains a whitelist of IP addresses that are permitted to access its internal server, blocking all other connections to protect sensitive data from unauthorized access.
- A mobile device management (MDM) solution implements whitelisting to allow only certain applications to be installed on employee smartphones, ensuring compliance with company security policies.
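
The default-deny checks described above, as an added example that is not part of the original entry: an IP whitelist, an application whitelist, and an audit for entries overdue for review. All networks, names and dates are constructed, and identifying approved applications by SHA-256 file hash is an assumption, since the entry does not say how approved applications are recognized.

```python
import hashlib
import ipaddress
from datetime import date

# Constructed sample policy: network -> date the entry was last reviewed.
ALLOWED_NETWORKS = {
    "10.20.0.0/24": date(2025, 1, 15),    # hypothetical office VPN range
    "203.0.113.7/32": date(2023, 3, 2),   # hypothetical partner gateway
}

# Constructed sample policy: SHA-256 of approved file content -> label.
ALLOWED_APP_HASHES = {
    hashlib.sha256(b"constructed approved binary v1").hexdigest(): "editor-1.0",
}


def ip_allowed(addr: str) -> bool:
    """Default deny: True only if addr falls inside a listed network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed input is never allowed
    return any(ip in ipaddress.ip_network(net) for net in ALLOWED_NETWORKS)


def app_allowed(content: bytes) -> bool:
    """Allow a file only if the hash of its exact content is listed."""
    return hashlib.sha256(content).hexdigest() in ALLOWED_APP_HASHES


def stale_entries(today: date, max_age_days: int = 365) -> list[str]:
    """Audit helper: network entries not reviewed within max_age_days."""
    return sorted(
        net for net, reviewed in ALLOWED_NETWORKS.items()
        if (today - reviewed).days > max_age_days
    )


if __name__ == "__main__":
    for candidate in ("10.20.0.57", "10.20.1.57", "not-an-ip"):
        print(candidate, "->", "allow" if ip_allowed(candidate) else "deny")
    print("stale:", stale_entries(date(2025, 6, 1)))
```

Anything that does not match an entry is denied, including malformed addresses and a binary that differs from the approved one by a single byte.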