A whitelist is a security feature that only allows access to systems, software, or data if the way the system is accessed is identical to the whitelist criteria. Whitelists are used to ensure only access meeting predefined filters or authorization is allowed access to sensitive areas.
Terms related to Whitelist: Blacklist, Systems Access, IP Address Ranges, Spam, Firewalls, Web Servers.
A whitelist only allows entities on the whitelist to access defined systems, based on specific, predefined criteria. These criteria can vary, and can be made up of complex rules and granular information. If a specific element is whitelisted, only access attempts that contain that element will be accepted, making all other access impossible.
Only Allow Access from Certain IP Addresses
IP addresses that do not fall into a certain range can be prevented from accessing websites, systems, or data. An IP address whitelist is typically enforced through web server or firewall rules that reject access attempts unless the IP address of a specific device matches the whitelisted range.
Only Allow Access via Firewall
Firewalls can be setup with sophisticated rules to only whitelist certain areas and only allow access if those criteria are met. For example, a firewall may only grant access to specific devices, regions, countries, networks, or users. Firewall rules can also be combined to provide granular whitelist access controls.
Only Allow Emails and Messages from Whitelisted Contacts
Spam and other filters can block messages and emails from contacts not on a whitelist. This is also combined with blacklisting which email providers can use to sort messages into spam folders.
Grant Access Within Systems and Data
Whitelists can also be applied inside applications and data. For example, a programmer may only allow certain data to be modified, or only grant access to specific parts of a dataset or system.
Compare whitelists with blacklists, where any access attempt that meets the blacklist criteria is rejected.