Blacklisting and whitelisting
A simple approach and fundamental principle in IT security is to allow only what is really needed. Security is all about access control and keeping track of activity by identity. In cyber security, access is granted based on identity and intent. Whitelists contain identities with good intent, and blacklists contain identities with bad intent. This is a debatable topic, and we will discuss it further with regard to requirements and implementation:
What is blacklisting?
Most of the antivirus suites on the market use a blacklist approach to detect and prevent viruses and malware. Antivirus was first introduced in the 1980s with a blacklist, and today the antivirus industry still follows the same principle. This works much like creating a list of all the cyber criminals in the world. However, what happens if you miss a few criminals, or if they are new and are not on the list? Depending on the IT environment, blacklisted entities might extend to users, applications, processes...
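The question raised above, what happens to an entity that is not on the list, can be made concrete by running the same inputs through both kinds of list. This is an added example, not code from the original text; it assumes entities are identified by the SHA-256 hash of their content, and every sample byte string and name in it is constructed for illustration.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"


def sha256(data: bytes) -> str:
    """Identity of an entity in this sketch: the SHA-256 of its content (assumption)."""
    return hashlib.sha256(data).hexdigest()


# Constructed byte strings standing in for files; none is real software.
SAMPLES = {
    "known_good": b"constructed sample: approved application",
    "known_bad": b"constructed sample: previously catalogued threat",
    "new_unknown": b"constructed sample: entity nobody has catalogued yet",
}

BLACKLIST = {sha256(SAMPLES["known_bad"])}   # identities with known bad intent
WHITELIST = {sha256(SAMPLES["known_good"])}  # identities approved as really needed


def blacklist_policy(data: bytes) -> Verdict:
    """Default allow: block only what appears on the blacklist."""
    return Verdict.BLOCK if sha256(data) in BLACKLIST else Verdict.ALLOW


def whitelist_policy(data: bytes) -> Verdict:
    """Default deny: allow only what appears on the whitelist."""
    return Verdict.ALLOW if sha256(data) in WHITELIST else Verdict.BLOCK


def disagreements(samples: dict) -> list:
    """Names of samples on which the two policies reach different verdicts."""
    return [name for name, data in samples.items()
            if blacklist_policy(data) != whitelist_policy(data)]


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:12} blacklist={blacklist_policy(data).value:5} "
              f"whitelist={whitelist_policy(data).value}")
    print("policies disagree on:", disagreements(SAMPLES))
```

Only the uncatalogued sample is treated differently: the blacklist lets it through by default, while the whitelist blocks it until someone approves it.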