NCSS small.png


Whitelisting and blacklisting are two methodologies to control access to websites, email, software

and IP addresses on networks.  Whitelisting denies access to all resources and only the “owner” can

allow access. Blacklisting allows access to all with the provision that only certain items are denied.



Whitelisting has advantages in that you control access to the website or virtual resource you want

your business to use, however, is less dynamic and more restrictive in terms of ease of use and

versatility. This is a control mechanism where you deny access to all resources by default then allow

access to resources by name. Think of your home, where only you and your family can get access

the front door. Everyone in your family would have a front door key, but some individuals don’t have

keys to every door. You may have a shed out back that only you have they key because dangerous

chemicals are stored there. The disadvantage is that not everyone in your family has open access to

the shed and would have to ask permission to get something out. Now, that may work for a small family,

but would be unworkable unless the number of employees requiring access is small. This type of access

control is useful for financial or personnel records, where a business might have only 2-5 employees

who access these files, software or websites.



Blacklisting is advantageous in that it allows free and open access to any email, website, IP address or

software as long as it’s not a security risk. This is the concept that all web traffic is allowed, and certain

items are disallowed by name or circumstance (aka security risk).


Download a PDF of this fact sheet.


Still have questions, need help?

Contact us at our “Ask-an-Expert” service, or visit us at the link below.


©2018 National Cybersecurity Society, All Rights Reserved



Become a member of The National Cybersecurity Society today and learn more about how to protect

your business from a cyber attack.



About The National Cybersecurity Society

The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity

education, awareness and advocacy to small businesses. The NCSS provides cybersecurity education

tailored to the needs of the small business owner; helps small businesses assess their cybersecurity

risk; distributes threat information to business owners so that they will be more knowledgeable about

the threats facing their business; and provides advice on the type of services needed to stay safe online.

Similar Content