Definition

whitelist (allowlist)

Andrew Froehlich

By

Andrew Froehlich, West Gate Networks

What is a whitelist (allowlist)?

A whitelist (allowlist) is a cybersecurity strategy that approves a list of email addresses, IP addresses, domain names or applications, while denying all others. IT administrators use a whitelist as a quick and easy way to help safeguard computers and networks from potentially harmful threats or inappropriate material on local networks or across the internet.

How does a whitelist work?

A whitelist is based on a strict policy set and is managed by an IT administrator. When the administrator is certain about access permissions, using a whitelist does not require an additional understanding of components that are not allowed since these are denied by default.

Administrators compile a list of allowed sources, destinations or applications that users require access to, and then the list is applied to a network appliance, desktop or server software, or OSes. Once applied, the network device or server monitors user, device or application requests and allows access to whitelisted services. All other requested services are denied. While the whitelist permits access or communication to specific approved applications or services, denied requests include locations or services that meet the following criteria:

are either software or malicious code, such as malware, advanced persistent threats or ransomware;
contain material that is not in compliance with company internet usage guidelines;
could lead to sensitive material leaking out to the public; and
inappropriately facilitates the use of shadow IT.

What are some examples of whitelisting?

Email spam filters. These filters are intended to prevent most unsolicited email messages, or spam, from appearing in subscriber inboxes. However, cleverly crafted spam sometimes slips through, while important, relevant emails are blocked. Most email users tolerate the occasional unsolicited email advertisement but are more concerned when important messages are not received. The whitelist option within the spam filtering service puts the power of explicit permits into the mailbox user's hands.

Access control lists. ACLs that are applied to a network router interface can be configured to permit access to individual or blocks of IP addresses. ACLs are processed from the top down with an implicit deny any at the end of the list. This means that destination IP addresses are matched with the access list, and if the IP address is not contained in the list, the packet is dropped.

What does it mean to be put on a whitelist?

Often, a user or department requests access to a specific approved application or to a remote server or service not accessible from corporate devices or the corporate network. When a destination or application is put on a whitelist, it is considered safe, and access to the remote destination, application or service is granted.

Whitelist vs. blacklist (blocklist)

While a whitelist is a list of applications or services that are explicitly permitted, blacklisted or blocklisted applications or services are explicitly denied. There are situations in which maintaining a blacklist rather than a whitelist is preferred. For example, if the number of items, locations or applications that need to be permitted are greater than those that need to be blocked, it is easier to set up a blacklist. Content filters and antimalware applications tend to favor the use of blacklists for this reason.

Whitelisting best practices

The following are some best practices for maintaining and implementing whitelists:

document and categorize all whitelisted objects;
be as specific as possible when creating a whitelist object;
perform whitelist reviews to add or purge apps or services, and keep the list up to date; and
apply whitelists efficiently by placing users into access groups and applying specific whitelists to each group based on job function.

TechTarget is responding to readers' concerns as well as profound cultural changes when it comes to certain commonly used but potentially linguistically biased terms. In some cases, we are defaulting to industry-standard terminology that may be seen as linguistically biased in instances where we have not found a replacement term. However, we are actively seeking out and giving preference to terms that properly convey meaning and intent without the potential to perpetuate negative stereotypes.

This was last updated in December 2021

Continue Reading About whitelist (allowlist)

Technical controls to prevent business email compromise attacks

How to choose the right email security service for your organization

How to create a ransomware incident response plan

NCSC tackles unconscious bias in security terminology

Email security: Turn your weakest link into your strongest line of defense

What is wavelength?
Wavelength is the distance between identical points, or adjacent crests, in the adjacent cycles of a waveform signal propagated ...
subnet (subnetwork)
A subnet, or subnetwork, is a segmented piece of a larger network. More specifically, subnets are a logical partition of an IP ...
Transmission Control Protocol (TCP)
Transmission Control Protocol (TCP) is a standard protocol on the internet that ensures the reliable transmission of data between...

What is a computer exploit?
A computer exploit, or exploit, is a program or piece of code developed to take advantage of a vulnerability in a computer or ...
What is malware? Prevention, detection and how attacks work
Malware, or malicious software, is any program or file that's intentionally harmful to a computer, network or server.
What is exposure management?
Exposure management is a cybersecurity approach to protecting exploitable IT assets.

CIO

What is a startup company?
A startup company is a newly formed business with particular momentum behind it based on perceived demand for its product or ...
What is a CEO (chief executive officer)?
A chief executive officer (CEO) is the highest-ranking position in an organization and responsible for implementing plans and ...
What is labor arbitrage?
Labor arbitrage is the practice of searching for and then using the lowest-cost workforce to produce products or goods.

organizational network analysis (ONA)
Organizational network analysis (ONA) is a quantitative method for modeling and analyzing how communications, information, ...
HireVue
HireVue is an enterprise video interviewing technology provider of a platform that lets recruiters and hiring managers screen ...
Human Resource Certification Institute (HRCI)
Human Resource Certification Institute (HRCI) is a U.S.-based credentialing organization offering certifications to HR ...

Customer Experience

What are virtual agents and how are they being used?
A virtual agent -- sometimes called an intelligent virtual agent (IVA) -- is a software program or cloud service that uses ...
What is first call resolution (FCR)?
First call resolution (FCR) is when contact center agents properly address a customer's needs the first time they call so there ...
What is the law of diminishing returns?
The law of diminishing returns is an economic principle stating that as investment in a particular area increases, the rate of ...

Close