[Dshield] Blocking Country Access
Johannes B. Ullrich
jullrich at sans.org
Wed Feb 21 16:21:58 GMT 2007
Andrew Willy wrote:
> Good point.
> I have a web application that only our employees need access to. Because
> these employees should never access the application from outside the US, it
> makes sense to me to only permit networks from the US.
> Is there any reason not to go ahead with this filtering?
In this particualr case: Why don't you got over last years logs, and see
what IP addresses your users connect from. Its likely a few local ISPs.
Only allow access from the networks they actually use, and put some kind
of policy/procedure in place why which they can easily request to have a
new range added.
Johannes Ullrich http://isc.sans.org
SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
taught by our top rated instructors plus a huge vendor tools expo.
Register Today! <http://www.sans.org/info/2501>
PGP Key: https://secure.dshield.org/PGPKEYS
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 249 bytes
Desc: OpenPGP digital signature
Url : http://lists.sans.org/pipermail/list/attachments/20070221/1b5ea99a/attachment.bin
More information about the list