Whitelist

What is Whitelist?

A whitelist (or, less commonly, a pass list or allowlist) is a mechanism that explicitly allows some identified entities to access a particular privilege, service, mobility, or recognition; that is, it is a list of things allowed when everything is denied by default. It is the opposite of a blacklist, which is a list of things denied when everything is allowed by default.

Network whitelists

Network Whitelisting can occur at different layers of the OSI model.

LAN whitelists

LAN whitelists are enforced at layer 2 of the OSI model and are a common tool in local area network (LAN) security. Many network admins set up MAC address whitelists, or a MAC address filter, to control who is allowed on their networks. This is used when encryption is not a practical solution, or in tandem with encryption. However, it is sometimes ineffective because a MAC address can be faked.

Firewall whitelists

Some firewalls can be configured to only allow data traffic from/to certain (ranges of) IP addresses. A firewall generally works at layers 3 and 4 of the OSI model. Layer 3 is the Network Layer, where IP works, and Layer 4 is the Transport Layer, where TCP and UDP function.

Application whitelists

The application layer is layer 7 in the Open Systems Interconnection (OSI) seven-layer model and the TCP/IP protocol suite. Whitelisting is commonly enforced by applications at this level.

One approach in combating viruses and malware is to whitelist software that is considered safe to run, blocking all others. This is particularly attractive in a corporate environment, where there are typically already restrictions on what software is approved.

Leading providers of application whitelisting technology include Bit9, Velox, McAfee, Lumension, Airlock Digital, and SMAC.

On Microsoft Windows, recent versions include AppLocker, which allows administrators to control which executable files are denied or allowed to execute. With AppLocker, administrators can create rules based on file names, publishers, or file locations that will allow certain files to execute. Rules can apply to individuals or groups. Policies are used to group users into different enforcement levels. For example, some users can be added to a report-only policy that will allow administrators to understand the impact before moving that user to a higher enforcement level.
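As an added illustration (not code from this page or from Microsoft's AppLocker), the Python below models the three rule kinds described above, path, publisher and hash, evaluated default-deny with a per-group report-only level; the policy, file paths, publisher string and file bytes are constructed for the example.

```python
import fnmatch
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Executable:
    path: str        # location of the file on disk
    publisher: str   # signer name from the code signature, "" if unsigned
    content: bytes   # file bytes (constructed sample data in this example)

@dataclass(frozen=True)
class Rule:
    kind: str          # "path", "publisher" or "hash"
    value: str         # path glob, signer name, or hex SHA-256
    groups: frozenset  # user groups this allow rule applies to

def rule_matches(rule: Rule, exe: Executable) -> bool:
    """True when one allow rule covers this executable."""
    if rule.kind == "path":  # location rule: glob over the full path
        return fnmatch.fnmatchcase(exe.path.lower(), rule.value.lower())
    if rule.kind == "publisher":  # signer rule: unsigned files never match
        return exe.publisher != "" and exe.publisher == rule.value
    if rule.kind == "hash":  # pin one exact file; any byte change breaks it
        return hashlib.sha256(exe.content).hexdigest() == rule.value.lower()
    raise ValueError(f"unknown rule kind: {rule.kind}")

def decide(exe: Executable, user_groups: set, rules: list, enforcement: dict) -> str:
    """Default-deny: "allow" only if a rule for one of the user's groups matches.
    With no match, users whose groups are all report-only get "audit" (the file
    runs, the miss is logged); anyone in an enforced group gets "deny"."""
    for rule in rules:
        if rule.groups & user_groups and rule_matches(rule, exe):
            return "allow"
    if user_groups and all(enforcement.get(g, "enforce") == "audit" for g in user_groups):
        return "audit"
    return "deny"

# Constructed sample policy: Windows directory by path, one signed vendor by
# publisher for everyone, and one unsigned utility pinned by hash for admins.
TOOL_BYTES = b"MZ-constructed-sample-utility-binary"
RULES = [
    Rule("path", r"C:\Windows\*", frozenset({"Everyone"})),
    Rule("publisher", "O=EXAMPLE VENDOR, L=ANYTOWN", frozenset({"Everyone"})),
    Rule("hash", hashlib.sha256(TOOL_BYTES).hexdigest(), frozenset({"Admins"})),
]
ENFORCEMENT = {"Everyone": "enforce", "Admins": "enforce", "Pilot": "audit"}

if __name__ == "__main__":
    unknown = Executable(r"C:\Users\bob\Downloads\game.exe", "", b"constructed")
    print(decide(unknown, {"Everyone"}, RULES, ENFORCEMENT))  # deny
    print(decide(unknown, {"Pilot"}, RULES, ENFORCEMENT))     # audit
```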

Linux systems typically have AppArmor and SELinux available, which can be used to block all applications that are not explicitly whitelisted; commercial products are also available.

HP-UX introduced a feature called “HP-UX Whitelisting” in version 11iv3.