Browse Definitions :
Definition

behavior whitelisting

Behavior whitelisting is a security method in which permissable actions within a given system are specified and all others are blocked. The method may be conducted through security software or the addition of whitelisted exceptions to a behavior blacklist.

Behavior whitelisting is used to secure websites, services and forums from bots and hackers, computers from malware and hacking attempts and email from spam and phishing attempts. Whitelisting is also used in the breach detection systems (BDS) protecting networks.

The two traditional ways of blocking spam are are content-based filtering and IP-based blacklisting. These methods are becoming less effective as spammers find ways to get around them. Blocking all behavior not on a whitelist can provide very effective security. However, it requires knowledge of what tasks and communications a system will need to perform and must be adjusted when these requirements change.

Whitelisting behavior can also be very effective in spam prevention. The method works well when the types of email sent and received are not so varied and unpredictable as to be outside of a whitelist, causing false positives. Formal email procedures can facilitate whitelisting behavior. Whitelisting commonly saves CPU and memory resources as the list of allowed behaviors is almost always smaller than is the case in a blacklist and therefore less work to scan through.

If improperly implemented, behavior whitelists can create vulnerabilities. Whitelisting is most effective where the number of required allowable functions are few and security requirements and accessibility are high. A blacklist used in this situation requires more set-up time and maintenance work to block the high volume of more varied behaviors. Blacklists also require more comprehensive and up-to-date knowledge of threats. Both methods must be implemented scrupulously to provide adequate security.

This was last updated in January 2017

Continue Reading About behavior whitelisting

SearchCompliance

  • compliance risk

    Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting ...

  • information governance

    Information governance is a holistic approach to managing corporate information by implementing processes, roles, controls and ...

  • enterprise document management (EDM)

    Enterprise document management (EDM) is a strategy for overseeing an organization's paper and electronic documents so they can be...

SearchSecurity

  • principle of least privilege (POLP)

    The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what are ...

  • biometric authentication

    Biometric authentication is a security process that relies on the unique biological characteristics of individuals to verify they...

  • denial-of-service attack

    A denial-of-service (DoS) attack is a security event that occurs when an attacker makes it impossible for legitimate users to ...

SearchHealthIT

SearchDisasterRecovery

  • risk mitigation

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

SearchStorage

  • cloud storage

    Cloud storage is a service model in which data is transmitted and stored on remote storage systems, where it is maintained, ...

  • cloud testing

    Cloud testing is the process of using the cloud computing resources of a third-party service provider to test software ...

  • storage virtualization

    Storage virtualization is the pooling of physical storage from multiple storage devices into what appears to be a single storage ...

Close