Whitelisting vs Blacklisting, preventing or reacting

There are different security methods out there, but when it comes to data filtering, there are two widely-used ones. You can use either whitelist (allow, give a permit) or blacklist (block, put in the list of forbidden). There is a big debate in the IT community which is better. Whitelisting vs Blacklisting.

Many IT specialists say that whitelisting leads to better protection, but it has too many limitations. It takes too much time and needs continuous changes. This generates more expenses. On the other side is the blacklisting. You simply put all the problematic devices in a blacklist and they no longer can engage with your network. But can you block all of them?

Let’s check them out and we later you can make your choice on the “Whitelisting vs Blacklisting” debate.

Whitelisting vs Blacklisting

Blacklisting

Many companies build their business on top of the blacklisting. This is the case of all the antivirus firms. They create a massive list of malware, including every new one there. If we think about it, we can see that it is a very practical approach to the common attacks. Let’s see why some security experts like it:

Simple and scalable. Yes, it is basic protection, but it stops many of the attacks. It is also straightforward to apply it to different devices. You just install the software. A system administrator can do it to all of the computers at the same time.

Easy to administrate. The primary responsibility to maintain the blacklist is on the third party (the software provider of the antivirus). The provider is often updating the list and searching actively for new threads while the IT specialists inside the protected company, don’t need to do a thing.

Blacklisting can be used for blocking specific applications and websites. This will reduce the risk that your employees introduce with their actions.

Whitelisting

Whitelisting is about prevention, not about reacting. People do blacklisting after they have found a problem, whitelisting stops everything except the allowed on the list.

The system administrator can apply the whitelist on the scale of the network. Doing this, they can allow just specific websites or only individual applications. This is good for limiting the threads, but it can affect the work when somebody needs a new app or visit a new site. It will require more work from the admins.

Whitelisting is very practical for remote access. Imagine you want to allow some of your employees to work from home. You can’t use blacklisting, because it will take you forever to block all the IPs from other people, outside of your company. You will use the whitelisting and add just a few IPs (they need to have static IPs).

Whitelisting vs Blacklisting table comparison

Blacklist Whitelist
Default Everything allowed Everything is forbidden
What does it do? It blocks everything on the blacklist (software, emails, websites, IPs, etc.) It allows everything on the whitelist (software, emails, websites, IPs, etc.)
Potential problems It is reactive. Someone needs to put the problematic item in the list. For example, if it is a virus, IT specialist will put it there after it detects it, and it could be late already (some devices affected) Preventive. It stops everything except the whitelisted items. It can stop the work because a needed item is not on the list.

Conclusion

Whitelisting vs Blacklisting, did we find which is better? No, they have their good and bad sides. The best option is a combination of the two, depending on your IT specialists’ capacity. You can use antivirus software (blacklisting) and block some specific list of websites that you don’t want to be accessible from your company. At the same time, you could use whitelisting for your remote access and more sensitive data inside your company.

 

Enjoy this article? Don't forget to share.

Leave a Reply

Your email address will not be published. Required fields are marked *

*