White listing vs Black listing

I have always found this an interesting concept; whitelisting and blacklisting. From what i can gather;

whitelisting means one is given access to a specific entity and there is an implicit deny to all others trying to access it.
blacklisting means one is given explicit allow to the entity and a list of deny is given to those who are not given access to.

Per Schneier,
Access control is whitelisting: if you know the password, or have the token or biometric, you get access. Antivirus is blacklisting: everything coming into your computer from the Internet is assumed to be safe unless it appears on a list of bad stuff.”

For a firewall, i would perceive that doing an access control list which implements whitelisting would be the way to secure your parameters as there is too many vectors to deny in a common web space.

Thanks to Schneier, i finally got the right idea. The best article for this:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s