WHAT IS A WHITELIST AND A BLACKLIST?
Whitelisting and blacklisting are two methods of controlling access to websites, email, software
and IP addresses on networks. Whitelisting denies access to all resources by default, and only the
“owner” can allow access. Blacklisting allows access to everything, except for specific items that are denied.
FACT 1: WHITELISTING
Whitelisting has the advantage that you control access to the website or virtual resource you want
your business to use; however, it is less dynamic and more restrictive in terms of ease of use and
versatility. This is a control mechanism where you deny access to all resources by default, then allow
access to resources by name. Think of your home, where only you and your family can get in through
the front door. Everyone in your family would have a front door key, but some individuals don’t have
keys to every door. You may have a shed out back that only you have the key to because dangerous
chemicals are stored there. The disadvantage is that not everyone in your family has open access to
the shed, and they would have to ask permission to get something out. That may work for a small family,
and in a business it is workable only when the number of employees requiring access is small. This type
of access control is useful for financial or personnel records, where a business might have only 2-5
employees who access these files, software or websites.
FACT 2: BLACKLISTING
Blacklisting is advantageous in that it allows free and open access to any email, website, IP address or
software as long as it’s not a security risk. Under this approach all web traffic is allowed by default, and
certain items are disallowed by name or circumstance (that is, because they are a security risk).
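The two approaches applied to IP addresses, as an added example that is not part of the original fact sheet. It shows that an address appearing on neither list is denied under a whitelist but allowed under a blacklist. The addresses, list contents and function names are constructed for illustration.

```python
import ipaddress

def _matches(addr, entries):
    """True if addr equals a listed address or falls inside a listed range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(e, strict=False) for e in entries)

def whitelist_allows(addr, allowed):
    """Default deny: access is granted only to addresses listed by name."""
    return _matches(addr, allowed)

def blacklist_allows(addr, denied):
    """Default allow: access is granted unless the address is listed."""
    return not _matches(addr, denied)

# Constructed sample lists using documentation-only address ranges.
ALLOWED = ["192.0.2.10", "192.0.2.11"]  # the few machines that may reach payroll records
DENIED = ["203.0.113.0/24"]             # a range flagged as a security risk

def compare(addresses):
    """Return {address: (whitelist decision, blacklist decision)}."""
    return {a: (whitelist_allows(a, ALLOWED), blacklist_allows(a, DENIED))
            for a in addresses}

if __name__ == "__main__":
    # One listed-as-allowed address, one unknown address, one listed-as-denied address.
    samples = ["192.0.2.10", "198.51.100.7", "203.0.113.5"]
    for addr, (wl, bl) in compare(samples).items():
        wl_text = "allow" if wl else "deny"
        bl_text = "allow" if bl else "deny"
        print(f"{addr:15} whitelist={wl_text:5} blacklist={bl_text}")
```

The middle sample address is the one to watch: it is on neither list, so the whitelist turns it away while the blacklist lets it through.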
©2018 National Cybersecurity Society, All Rights Reserved
About The National Cybersecurity Society
The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity
education, awareness and advocacy to small businesses. The NCSS provides cybersecurity education
tailored to the needs of the small business owner; helps small businesses assess their cybersecurity
risk; distributes threat information to business owners so that they will be more knowledgeable about
the threats facing their business; and provides advice on the type of services needed to stay safe online.