Whitelists and blacklists are ways of filtering specific types of data, or of blocking malicious or unauthorized access to systems or databases. In the context of computer security, blacklisting and whitelisting are used as a means of access control. However, there are some differences between the two methods, and each method has its own advantages.
What is a Whitelist?
A whitelist tells a system what is allowed. If a user or a system hasn’t been granted access, or whitelisted, it will be blocked from accessing the resource. Whitelisting can range from very simple to much more complex. A simple whitelist system usually identifies applications based on their file name, size and directory paths. A more complex, stricter approach uses a combination of cryptographic hash techniques and digital signatures that are assigned to the developer of each component or application.
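The difference between the simple and the stricter approach shows up when an approved file's content changes while its name, size and path stay the same. The following is an added example, not part of the original article: it uses a constructed file with a hypothetical name, and it demonstrates only the hash check, not digital signatures.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Stream the file so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def attribute_entry(path):
    """Simple whitelist entry: directory path, file name and size only."""
    return (os.path.dirname(path), os.path.basename(path), os.path.getsize(path))

def allowed_by_attributes(path, whitelist):
    return attribute_entry(path) in whitelist

def allowed_by_hash(path, whitelist):
    return sha256_of(path) in whitelist

def demo():
    """Enroll a constructed application file, change its content, re-check both lists."""
    with tempfile.TemporaryDirectory() as workdir:
        app = os.path.join(workdir, "report_tool.bin")  # hypothetical file name
        with open(app, "wb") as fh:
            fh.write(b"APPROVED-BUILD-0001")  # constructed sample content
        attr_list = {attribute_entry(app)}
        hash_list = {sha256_of(app)}
        before = (allowed_by_attributes(app, attr_list), allowed_by_hash(app, hash_list))
        # Same path, same name, same length (19 bytes), different content.
        with open(app, "wb") as fh:
            fh.write(b"MODIFIED-BUILD-0001")
        after = (allowed_by_attributes(app, attr_list), allowed_by_hash(app, hash_list))
        return before, after

if __name__ == "__main__":
    print(demo())
```

The attribute-based list still approves the changed file, while the hash-based list rejects it, which is why the hash approach also requires re-enrolling every legitimate update.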
Whitelisting involves looking at the processes that each user or application goes through and determining the access needed to fully execute the function. The system administrator would then grant specific access to resources for each user. Whitelisting is more secure due to this process, but it’s also more work for the administrator to grant access.
A simple way to describe a whitelist is to look at it in the context of email. If you have an email account and you only want to allow emails from certain senders to reach your inbox, you would add every email address that you want to receive emails from to a whitelist. Any email that comes from a sender that’s not on the whitelist would be blocked from going to your inbox. In this situation whitelists are useful if you only receive emails from a few email addresses. If you are constantly receiving emails from new email addresses then this setup is inefficient because you’d have to add every new address to your whitelist.
Whitelisting at an organizational level could use email addresses only from the company domain, IP addresses, or any number of other characteristics. There are third-party whitelisting services that will manage access to a company’s resources. These make sense for enterprise-level companies that otherwise would have to manage access for thousands of employees.
Advantages of Whitelists
- Higher level security due to identity verification and authentication.
- Allows for more specific and limited access.
- Whitelisting lets admins block all users except the chosen few.
- The National Institute of Standards and Technology says whitelisting is best for high-security environments.
Disadvantages of Whitelists
- Must verify identities to check if a user is whitelisted.
- Difficult to authorize a large number of users.
What is a Blacklist?
A blacklist is a list of blocked or disapproved users or applications. Imagine a blacklist as a list of known and suspected criminals maintained by the FBI or another government agency. There would likely be criminals who had not been caught who wouldn’t be included on the list. As a result, blacklisting isn’t as “secure” as whitelisting because it allows more people to slip past the system.
In the context of an email account, a blacklist would be the email addresses that you don’t want to receive emails from. This would allow emails from all unknown sources to flow into your inbox. In the event you receive a “spam” message, you would add that sender to a blacklist to prevent them from contacting you again. This is a convenient setup if you are receiving a lot of messages from new email addresses. However, if someone wants to send you an endless stream of messages until they get added to the blacklist, they can do so. Once they are added to the blacklist, they could just get a new email address and hit your inbox that way.
Compared to a whitelist system, a blacklist is a simpler method of access control. With a whitelist you must identify and then verify each user or application that contacts your system. A blacklist only checks for a match, and if there isn’t a match to a blacklisted item, the user will be granted access.
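The email scenarios from the whitelist and blacklist sections can be run side by side to compare the default decision of each policy. This is an added example, not part of the original article; all addresses, domains and function names are constructed for illustration.

```python
from email.utils import parseaddr

def normalize(sender):
    """Pull the bare address out of a From header value and lowercase it."""
    _, addr = parseaddr(sender)
    return addr.strip().lower()

def whitelist_decision(sender, allowed_addresses, allowed_domains):
    """Default deny: deliver only when the address or its domain is listed."""
    addr = normalize(sender)
    if "@" not in addr:
        return "block"  # unparseable senders fail closed
    domain = addr.rpartition("@")[2]
    if addr in allowed_addresses or domain in allowed_domains:
        return "deliver"
    return "block"

def blacklist_decision(sender, blocked_addresses):
    """Default allow: deliver unless the exact address is listed."""
    return "block" if normalize(sender) in blocked_addresses else "deliver"

# Constructed policy data (reserved .example domains).
ALLOWED_ADDRESSES = {"alice@friends.example"}
ALLOWED_DOMAINS = {"company.example"}      # organizational whitelist by domain
BLOCKED_ADDRESSES = {"spam1@bulk.example"}

# Constructed sample senders.
SENDERS = [
    "Alice <Alice@Friends.example>",   # individually whitelisted
    "Bob <bob@company.example>",       # covered by the company domain
    "spam1@bulk.example",              # already blacklisted
    "spam2@bulk.example",              # same spammer, new address
    "new.customer@shop.example",       # legitimate but unknown sender
]

def evaluate():
    """Return {sender: (whitelist result, blacklist result)} for the samples."""
    return {
        s: (whitelist_decision(s, ALLOWED_ADDRESSES, ALLOWED_DOMAINS),
            blacklist_decision(s, BLOCKED_ADDRESSES))
        for s in SENDERS
    }

if __name__ == "__main__":
    for sender, result in evaluate().items():
        print(f"{sender:32} whitelist={result[0]:8} blacklist={result[1]}")
```

The last two rows show the trade-off: the blacklist delivers mail from the spammer's new address, and the whitelist blocks the unknown customer until an administrator adds them.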
Advantages of Blacklists
- Blacklisting is simple due to not having to check the identity of every user.
- Allows free flowing access to resources.
Disadvantages of Blacklists
- Only accounts for known variables, so can only protect from identified threats.
- Blacklists are often exploited by malware that is designed specifically to evade detection.
Which is Better for Security: Blacklist or Whitelist?
The choice between a blacklist or whitelist for your organizational or personal needs will depend on the level of security you need and the level of convenience you’re willing to give up.
Blacklists can be best if you aren’t concerned with protecting a certain system. This would be a system that contains non-sensitive, even public, information. If you’re trying to prevent abuse or bot traffic, blacklisting can be very effective.
In general though, if you are trying to make your system as secure as possible, the best choice will be a whitelist. Whitelisting is the choice for organizations with high-security standards or sensitive information, regardless of the extra time required to maintain an up-to-date whitelist.