Before answering the question, we must digress. There are two different issues related to black/white list management. One pertains to managing user permissions to access IT-provided services, such as web applications, specific application features, data, websites and network locations for both current and departing employees. The other has to do with application whitelisting (i.e. managing which applications are allowed to run on a network).
With regard to user permissions, of particular concern to most IT departments is the exploding use of web applications. These applications can lower costs, make users more productive and increase the flexibility of IT departments. But with every new web application comes another, often weak, user password to manage, and another possible entry point for an attacker into the network.
Here are a few steps that will help you manage user access to all of the services that IT provides:
Application whitelisting has a lot in common with user-permissions management. In both cases, one of the main drivers is the need to protect networks from unwanted intrusion. Blacklisting means checking every new file on a system to see whether it is malicious and, if it is, preventing it from being executed. Whitelisting, which has been around for some time, uses the opposite approach. Instead of examining every file and blocking those that appear malicious, whitelisting allows only the execution of known-good files. Essentially, this means flipping the antivirus model from a “default allow” to a “default deny” for all executable files. You can do this by creating a list of known or approved file hashes and allowing only those files to be executed.
The problem with this approach, of course, is that users generally believe they have the right to control their own devices and access whatever they feel will help them be more productive, work smarter and communicate better with customers and colleagues. “Default deny” flies in the face of that. But with the increased level of attacks that most IT departments see today, it is a strategy worth considering. On the downside, whitelisting can cause problems by inadvertently blocking non-malicious code.
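The hash-based “default deny” check described above, and the way it blocks non-malicious code, as an added example (not code from the original article or from any vendor product). The allowlist digests, file names and file contents are constructed for the demo; a real deployment would populate the allowlist from reviewed, trusted binaries.

```python
import hashlib
import tempfile
from pathlib import Path

# Allowlist of SHA-256 digests of approved executables.
# Constructed sample values for this demo, not real product hashes.
APPROVED = {
    hashlib.sha256(b"approved-app-v1").hexdigest(),
}


def sha256_file(path: Path, chunk: int = 65536) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def allow_execution(path: Path, approved: set) -> bool:
    """Default deny: a file may run only if its digest is on the allowlist.
    Anything unknown, including a legitimate but unreviewed update, is blocked."""
    return sha256_file(path) in approved


def demo() -> dict:
    """Write constructed sample files and evaluate each against the allowlist.
    Returns {file name: allowed?}."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "approved.exe": b"approved-app-v1",          # reviewed, on the list
            "unknown.exe": b"something never reviewed",  # never reviewed: denied
            "approved-v2.exe": b"approved-app-v2",       # legitimate update, new hash: denied
        }
        for name, content in samples.items():
            p = Path(d) / name
            p.write_bytes(content)
            results[name] = allow_execution(p, APPROVED)
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'}")
```

The third sample shows the downside the text mentions: a vendor update changes the binary's hash, so the allowlist has to be refreshed as part of the patch process or the updated application is blocked along with the malware.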
Needless to say, doing all of the above can be cumbersome and time-consuming if you try to do it yourself and do it manually. User permission management services offered by third-party vendors can help you automate much of this so you’re free to focus on IT activities that add to the bottom line. These services can also help you unwind access and permissions when an employee leaves the organization.
There are also application whitelisting programs available, many of which are offered by the same vendors that produce anti-malware products. You can also go online to find instructions on how to whitelist applications in Windows® and through other specific network security products.
Windows and Active Directory are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.