Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 514 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

To whitelist by URL, or not, That is the question

NA NA3

Is there a recommend practice here to whitelist ?

In the same way as you would add Hosts/subnets to make it easy to add/update,  which would apply to any changes made in Firewall/SSLVPN etc.... does it make  sense to create "exceptions" to websites, rather than list them belonging to a group (and whitelisting the category instead) ?

More control is always the 'key' isn't it?



This thread was automatically locked due to age.
  • 0

    It depends on your security concept and how much "time" you have to spend on such tasks. 

    In the end, its a trust relationship concept. If you whitelist something, you start to trust them. 

    Its like a buddy in a pub, if you are the owner of the pub: If you whitelist him, your security person is acting as a "regular" and stop controlling him by the entrance. Which means, he could potentially carry a weapon and start a fight. But you trust him, correct?