Comment by UltraSane
4 months ago
As a network admin I have found that whitelisting only US address space for my companies IPs drastically reduces how many attacks we get.
4 months ago
As a network admin I have found that whitelisting only US address space for my companies IPs drastically reduces how many attacks we get.
As a person who had to deal with clients, I have found whitelisting to only "US address space" lead to lots of clients being unable to access the services until they were whitelisted.
As a person who had to deal with other associates, I also found whitelisting only US address space led to a number of people being unable to connect from their homes.
As a person who had this happen to them, I had quite a lot of frustrations with services insisting they couldn't provide me service because Texas is in Canada apparently.
of course before implementing this I log all IPs and verify that we don't have any legitimate traffic coming from non-US IPs. and whitelisting a few IPs isn't a big deal. Of course a medium sized manufacturing company in the Midwest isn't going to have much need for people connecting to use outside the US.
I'm actually working to get rid of any public IPs that isn't a VPN access point.
> any legitimate traffic coming from non-US IPs.
If it's not actually reaching you to log in and what not, how do you know it's legit or not?
How do you know it's US traffic or not in the end?
I'm not saying it's not something anyone can reasonably do, but I've both been the gatekeeper required to implement/support such a policy and been someone burned by it. It shouldn't be assumed the block lists are actually that good.
4 replies →