[Dshield] Blocking Country Access

Andrew Willy andrewwilly at gmail.com
Wed Feb 21 18:41:58 GMT 2007


Thanks, this is a good suggestion.

Andrew

On 2/21/07, Johannes B. Ullrich <jullrich at sans.org> wrote:
>
> Andrew Willy wrote:
> > Good point.
> >
> > I have a web application that only our employees need access
> to.  Because
> > these employees should never access the application from outside the
> US,  it
> > makes sense to me to only permit networks from the US.
> >
> > Is there any reason not to go ahead with this filtering?
>
> In this particualr case: Why don't you got over last years logs, and see
> what IP addresses your users connect from. Its likely a few local ISPs.
> Only allow access from the networks they actually use, and put some kind
> of policy/procedure in place why which they can easily request to have a
> new range added.
>
>
>
>
>
> --
> ---------
> Johannes Ullrich                        http://isc.sans.org
>
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> taught by our top rated instructors plus a huge vendor tools expo.
>         Register Today! <http://www.sans.org/info/2501>
> (Brochurecode: ISC)
>
> PGP Key: https://secure.dshield.org/PGPKEYS
>
>
> _________________________________________
>
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> taught by our top rated instructors plus a huge vendor tools expo.
> Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
>
>


More information about the list mailing list