IP Whitelisting in 2023: Everything You Need to Know

The whitelisting of IP addresses is an important part of networking security since it can significantly reduce the attack surface and risk associated with unauthorized access. Let's break this topic down and describe how it can help your business.

What Is IP Whitelisting?

The whitelisting of an IP address is a cybersecurity technique that gives IT administrators control over who can access business systems and resources. IP whitelisting (allowlisting) involves creating a list of trusted IP addresses (dedicated static IP addresses are necessary), assigning them to a user or group of users as a unique identifier, and permitting only those IP addresses on the target server.

As a result, any system inside the LAN, datacenter or third-party SaaS application can be set up to be accessed only by users with the organization’s IP address, whether they connect from a private corporate network or through a VPN gateway. Unknown entities trying to access the system from an unlisted IP address will be restricted.

IP whitelisting is typically handled on

Fig 1: IP whitelisting settings in Amazon AWS (so-called security groups). This example shows allowing TCP/UDP traffic only from the GoodAccess VPN gateway.

Fig 2: Whitelisted IP address of the GoodAccess VPN gateway in Amazon AWS settings.

Brief Technical Dive into IP Whitelisting Basis

Every communication between servers or clients, over the Internet, LAN, or a private virtual network, always sends data in packets. Every packet contains the source and target IP address. These addresses are always public because they tell Internet routers where to direct the data.
Once a packet reaches its destination, the target device/server/service reads the source address and, if it is whitelisted, accepts the packet. If not, it either rejects the data, i.e. informs the sender of the rejection, or discards the packet altogether.
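The check described above, as an added example that is not GoodAccess code: it reads the source address field from an IPv4 header and accepts the packet only if that address is on the allowlist. The gateway address, the helper names and the sample header are constructed for illustration, and the example implements the silent-discard variant rather than the reject-with-notification one.

```python
import ipaddress
import struct

# Constructed allowlist: one static gateway address (documentation range, RFC 5737).
ALLOWLIST = [ipaddress.ip_network("203.0.113.10/32")]


def build_ipv4_header(src: str, dst: str) -> bytes:
    """Build a minimal 20-byte IPv4 header (checksum left at 0) as sample input."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | 5,   # version 4, header length 5 x 32-bit words
        0, 20,          # DSCP/ECN, total length
        0, 0,           # identification, flags/fragment offset
        64, 6, 0,       # TTL, protocol (6 = TCP), checksum
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )


def source_address(packet: bytes) -> ipaddress.IPv4Address:
    """Read the source address field (bytes 12-15) of an IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    return ipaddress.IPv4Address(packet[12:16])


def decide(packet: bytes, allowlist=ALLOWLIST) -> str:
    """Return 'accept' for an allowlisted source, 'drop' for anything else."""
    try:
        src = source_address(packet)
    except ValueError:
        return "drop"   # malformed input is never accepted
    return "accept" if any(src in net for net in allowlist) else "drop"
```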

What is a whitelist?

A whitelist (allowlist) is an administrator-defined register of entities approved for authorized access to digital resources such as networks, apps, or to perform specific actions. Whitelisting can be used to improve security by ensuring that only approved users or devices have access to sensitive data or systems. It can also be used to ensure that only authorized actions can be performed on critical resources.

For example, to whitelist an IP address (to create an IP whitelist), you first need to determine which devices or users are allowed access. Once you have a list of approved IP addresses, web applications, or users, you can add them to your whitelist using the network settings on your computer, router or firewall. Depending on your specific setup and security requirements, this process may involve entering the whitelist into the router’s configuration interface or editing the firewall rules on your computer.

Whitelisting is a stringent cybersecurity technique that, if done correctly, can prevent many cybersecurity issues by default. However, it may be time-consuming and inconvenient for administrators and must be implemented and maintained precisely. Nor is it an impenetrable barrier against attacks.

What Are the Use Cases of IP Whitelisting?

In essence, IP whitelisting is used for restricting network access, but there are some nuances. The most common use cases are:

Network Access Control

One of the most common use cases is restricting network access to your internet-facing services by using a firewall, where only whitelisted IP addresses are allowed to connect to the service. Only with a static IP can you define a firewall rule that remains valid indefinitely.

SaaS Access Control

Blind trust in SaaS provider security measures might be tricky. To further harden cloud resource security, SaaS applications such as Salesforce, Amazon AWS, Office365, etc., usually allow the whitelisting of an IP address within provider security settings.

Remote Access Enablement

Remote users connect via networks where company policies cannot be enforced, such as a home office or public Wi-Fi at airports, hotels, and cafés. So it makes sense to protect the connection to target systems via, e.g., a VPN gateway with a whitelisted static IP. First, the user connects to the gateway via a client app installed on a particular device, and after authentication and verification, access is allowed to specific systems. In such a scenario, the user’s connection is protected from any device where they successfully log into the app.

IoT Security

To better protect IoT devices, such as cameras, sensors, or building controllers that use the public Internet as a communication channel, an IP whitelist is a simple security measure that ensures the device can be reached only by trusted entities.

Unifying access control on the network layer

If you run several systems, it might be inefficient to configure and manage user access rights, 2FA or SSO on each of them. In that case, full user authentication is done centrally on, e.g., a VPN gateway, and access control is applied before the application is accessed.

Benefits of IP whitelisting

IP Whitelisting Cons

IP whitelisting is usually perceived as a labor-intensive job, or a repetitive nuisance, if you prefer. IT admins who manage large networks with tons of users and devices, in particular, may suffer from the following:

Setting up a whitelist is (can be) labor-intensive

Every user and every IP address needs to have their access rights properly evaluated and manually implemented on the firewall, router etc. On one hand, overly restrictive whitelists may limit the smooth running of business operations. On the other, an overly permissive allowlist loses its purpose of hardening network security.

Managing up-to-date whitelists requires additional resources

When user roles or access rights change frequently, additional work is required to keep whitelists up to date.

But there are ways to mitigate this, such as placing a SaaS access control on the VPN between your resources and external traffic. Instead of whitelisting the IP address of each device (which is virtually unworkable due to the need for many static IPs), IT administrators only need to whitelist the dedicated static IP address of the VPN gateway. With modern cloud VPNs that also provide zero-trust access control, such as GoodAccess, this is a very convenient way to reduce the complexity of IP whitelisting and preserve a high level of security.

This approach minimizes manual configuration and centralizes whitelist management on the VPN level, so that businesses can enjoy the benefits of IP whitelisting without sacrificing the valuable time of their administrators.

Fig 3: IP whitelisting combined with system access control on VPN level reduces complexity (source: GoodAccess feature named Access Cards)

Example: How to Start with IP Whitelisting via VPN

  1. Ensure you have a VPN gateway in place.
  2. Ensure you have a dedicated static IP address for your team.
  3. Navigate to the settings of the target device/service/firewall and add a rule that allows incoming traffic to the protected service or network only from the static IP which is assigned to the VPN gateway.
  4. Deny all other incoming traffic.
  5. Before confirming these settings, be sure you are connected to the gateway in order not to lose access.
  6. Test the connection from the public Internet (e.g. via a smartphone) to confirm that the service cannot be reached from a non-whitelisted IP.
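To complement the manual test in step 6, the rule set itself can be reviewed for sources that steps 3 and 4 should have excluded. The following is an added example, not GoodAccess or AWS code: it walks ingress rules in the IpPermissions shape that AWS security groups use and reports every source range not covered by the gateway's static IP. The gateway address and the sample rules are constructed, and the function name is hypothetical.

```python
import ipaddress

# Constructed values: the gateway's static IP (documentation range) and sample
# ingress rules in the IpPermissions shape AWS uses for security groups.
GATEWAY = ipaddress.ip_network("203.0.113.10/32")
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "udp", "FromPort": 1194, "ToPort": 1194,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]


def audit_ingress(rules, allowed=(GATEWAY,)):
    """Return (ports, cidr, reason) for every source not covered by the allowlist."""
    findings = []
    for rule in rules:
        ports = f"{rule.get('IpProtocol')}/{rule.get('FromPort')}-{rule.get('ToPort')}"
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            # Compare only within the same IP version; subnet_of() requires it.
            if any(net.version == a.version and net.subnet_of(a) for a in allowed):
                continue  # source is inside an allowlisted range
            reason = ("open to any address" if net.prefixlen == 0
                      else "source outside allowlist")
            findings.append((ports, cidr, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_RULES):
        print(*finding, sep="  ")
```

An empty result means every ingress source is the gateway address or a subset of it; a /24 that merely contains the gateway is still reported, because it admits 255 other addresses.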

IP Whitelisting in 2023: A Fresh Perspective

Whitelisting of IP addresses is not the ultimate answer to security concerns, but, when done properly, it can significantly enhance the protection of business resources. As it follows the principle “deny all, permit some,” it restricts external traffic to a preselected number of IP addresses and, by design, reduces the attack surface and risks associated with unauthorized access.

But there are also drawbacks which make working with whitelists a tough job, especially the labor/time-intensity of setting up and maintaining IP whitelists as well as the additional complexity of managing whitelists in different places (firewall, VPN, SaaS app, etc.).

To mitigate these drawbacks and fully benefit from IP whitelists, businesses should consider centralizing IP whitelisting management via a single point such as a business VPN. Modern cloud VPNs, e.g. GoodAccess, further enhance whitelisting with least-privilege access principles by allowing the segmentation of permissions based on particular user needs, thus delivering detailed access control.

GoodAccess cloud VPN with zero-trust access control lets you:

If you want to try out IP whitelisting via GoodAccess business VPN, and other remote access and security features, check out the full-featured 14-day free trial here.