Last Updated on August 1, 2021 by Admin 2
What occurs when you allow specific executable files while denying all others?
When you whitelisting, you are creating a list of allowed applications while denying all others. Those approved applications are designated as whitelisted. These lists can also be used for domain name allowance with DNS. Several products are available that check for applications that are not on the whitelist, including attempts to install those applications. For example, the logs generated by the whitelisting product would tell you if someone had attempted to install a key logger.
When blacklisting, you create a list of denied applications while allowing all others. These lists can also be used for domain name blocking with DNS. Blacklisting is an allow by default concept, where all software is allowed to execute unless it is on the Deny List.
There is no form of filtering called redlisting or greylisting.
Objective: Security Monitoring
Sub-Objective: Describe these NextGen IPS event types: Connection event, Intrusion event, Host or endpoint event, Network discovery event, NetFlow event.