Lockdown Browser Allow-List vs Block-List
When implementing a lockdown browser for Test Security, there are two main approaches to application control: Application Whitelisting (Allow-list) and Application Blacklisting (Block-list).
With no defined guidelines on which is better, Test Administrators often face situations where they have to choose between the two. In this article we’ll look at the pros and cons of both these approaches.
Blacklisting is one of the oldest approaches in computer security. It is used by most antivirus software to block unwanted programs and applications. Blacklisting applications involves creating a list of all the programs, applications or executables that might pose a threat to test security, either by capturing test content or by assisting the candidate in taking the test. The default behavior in blacklisting is to allow access and block only the applications on the block-list.
Blacklisting takes a Threat-centric approach and looks for apps that can be a threat.
Pros and cons of blacklisting
- Blacklisting is best suited in BYOD scenarios where you do not have control over the Hardware and OS configurations of the candidate machines.
- The biggest benefit of blacklisting is its simplicity. You need to block only known non-essential software and run everything else.
- All other essential programs and applications continue to run by default, reducing the volume of support tickets raised for essential applications being blocked.
- Blocking every distrusted application is simple and efficient, but it may not always be the best approach: new applications are created every day, making it impossible to keep a comprehensive and up-to-date list of applications to block.
- There is always a possibility of an unknown/unregistered/rogue application running in the background without getting blocked by the Lockdown Browser.
As the name suggests, whitelisting is the opposite of blacklisting: only the programs and applications on a trusted list are allowed to run. This method of application control can be based on policies such as file name, product or application, or it can be applied at the executable level, where the digital certificate or cryptographic hash of an executable is verified. The default behavior in whitelisting is to block access and allow only the applications on the allow-list.
Whitelisting takes a trust-centric approach and looks for trusted apps.
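The two default behaviors, and the difference between file-name and hash matching, shown as an added example (not code from this article or from any lockdown browser product). The process names, byte strings and list contents are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Process:
    name: str     # file name the OS reports for the running program
    image: bytes  # stand-in for the executable's bytes on disk

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed placeholder "binaries"; none of these are real programs.
CALC_V1 = b"constructed calculator, build 1"
CALC_V2 = b"constructed calculator, different bytes"
RECORDER = b"constructed screen recorder"
NEW_TOOL = b"constructed tool nobody has listed yet"

BLOCK_NAMES = {"recorder.exe"}        # block-list keyed on file name
ALLOW_NAMES = {"calc.exe"}            # allow-list keyed on file name
ALLOW_HASHES = {sha256_hex(CALC_V1)}  # allow-list keyed on SHA-256 of the file

def block_list(p: Process) -> bool:
    """Default allow: run unless the name is on the block-list."""
    return p.name.lower() not in BLOCK_NAMES

def allow_list_by_name(p: Process) -> bool:
    """Default block: run only if the name is on the allow-list."""
    return p.name.lower() in ALLOW_NAMES

def allow_list_by_hash(p: Process) -> bool:
    """Default block: run only if the file's hash is on the allow-list."""
    return sha256_hex(p.image) in ALLOW_HASHES

SAMPLES = {
    "approved calculator": Process("calc.exe", CALC_V1),
    "listed recorder": Process("recorder.exe", RECORDER),
    "unlisted new tool": Process("newtool.exe", NEW_TOOL),
    "calc.exe, different bytes": Process("calc.exe", CALC_V2),
}

def evaluate(samples=SAMPLES):
    """Return {label: (block_list, allow_by_name, allow_by_hash)} decisions."""
    return {label: (block_list(p), allow_list_by_name(p), allow_list_by_hash(p))
            for label, p in samples.items()}

if __name__ == "__main__":
    for label, decisions in evaluate().items():
        print(f"{label:28} block-list/allow-name/allow-hash = {decisions}")
```

The unlisted tool runs under the block-list and is stopped by both allow-lists. The last sample passes the name-based allow-list but not the hash-based one, which is also why a legitimately updated build is rejected until the hash list is refreshed.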
Pros and cons of whitelisting
- Whitelisting allows only a limited number of applications to run, effectively minimizing the security threat.
- Best suited in a controlled environment (Testing Centers, University Labs), where it is easy to control the programs and applications to be allowed on each of the machines.
- This approach is not suitable in a BYOD scenario where there is no control over the Hardware and OS configurations of the machines used.
- Building a whitelist may seem easy, but one inadvertent move can result in help desk queries piling up. Inability to access essential applications would bring various critical tasks to a halt.
- Determining the list of programs and applications that should be allowed to execute across Hardware and OS combinations is an intensive process, and keeping this list updated is even harder.
Whitelisting is clearly the more secure option, but it is best suited in a controlled Test Environment. Blacklisting is less secure, but it’s a more practical option. It is simple, reasonably secure and is best suited when your candidates are taking the test on their own devices.