[Dshield] Blocking Country Access

Johannes B. Ullrich jullrich at sans.org
Wed Feb 21 16:21:58 GMT 2007


Andrew Willy wrote:
> Good point.
> 
> I have a web application that only our employees need access to.  Because
> these employees should never access the application from outside the US,  it
> makes sense to me to only permit networks from the US.
> 
> Is there any reason not to go ahead with this filtering?

In this particualr case: Why don't you got over last years logs, and see
what IP addresses your users connect from. Its likely a few local ISPs.
Only allow access from the networks they actually use, and put some kind
of policy/procedure in place why which they can easily request to have a
new range added.





-- 
---------
Johannes Ullrich                        http://isc.sans.org

SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
taught by our top rated instructors plus a huge vendor tools expo.
	Register Today! <http://www.sans.org/info/2501>
(Brochurecode: ISC)

PGP Key: https://secure.dshield.org/PGPKEYS

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
Url : http://lists.sans.org/pipermail/list/attachments/20070221/1b5ea99a/attachment.bin 


More information about the list mailing list