mikegemini
Explorer

IP Geoblocking Strategy - R81.10 Firewall

Hi Everyone,

One of my clients is using an R81.10 Firewall.

They noticed that someone was attempting to connect to the network, using a Russian Federation IP address. That individual looks like they attempted to use IPs from a few different countries, then they eventually switched to one that wasn't on our geographic block list.

Three Questions:

1.) Is this an issue with this specific firewall that my client is using in any way, or just part of the evolving landscape with VPNs being used easily?

2.) How prevalent are attackers circumventing IP blocks with VPNs?

3.) If this is prevalent, is doing geographic blocks of inbound traffic still worth doing? My thought is it might stop an amateur from getting into my client's network at the very least, but that's just my personal bias speaking.


Accepted Solutions
PhoneBoy
Admin

Geo-blocking isn't foolproof.
It's easy for determined hackers to find an IP that's not being geo-filtered through any number of VPN providers. 
Also, the geo databases for which IPs are where in the world are sometimes inaccurate.

My take: unless you're subject to a regulatory requirement to do so, I don't see a lot of value in geo-filtering IP addresses.

Bob_Zimmerman
Authority

As a counterpoint, I see geo-blocking as a good way to filter out the fully-automated trash attacks. Traffic from countries where you don't do business is rarely legitimate. Analyzing and responding to it is a waste of time. Block it and you cut down a lot of noise so you can focus more on serious threats.

Sure, it won't protect against a determined human, but it gives you a higher chance of noticing that human.

the_rock
Legend

Excellent point @Bob_Zimmerman 

PhoneBoy
Admin

This falls under "least privilege" insofar as if you have no reason to be communicating with someone in a particular country...why allow it to begin with?
I can see both sides of this.

the_rock
Legend

Put it this way...you can literally use ANY service out there, such as NordVPN, HMA VPN, whatever, and say if someone is in a country you are blocking, they can connect to a VPN service in a country that's not blocked and bam, now their traffic is not blocked. I totally get the point @PhoneBoy made.

Andy
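
The pattern in the original question (drops from several blocked countries, then a connection from an unblocked one) can be turned into a detection, which is the "higher chance of noticing" argument made in the thread. The following is an added example, not code from any poster and not Check Point log format; the record layout, the per-service baseline of expected countries, and the thresholds are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (documentation IP ranges), not real firewall output:
# (timestamp, source IP, geo country, destination, port, action)
SAMPLE_LOG = [
    ("2024-05-01T10:00:05", "203.0.113.10", "RU", "198.51.100.5", 443, "drop"),
    ("2024-05-01T10:02:40", "203.0.113.77", "CN", "198.51.100.5", 443, "drop"),
    ("2024-05-01T10:04:12", "192.0.2.44", "BR", "198.51.100.5", 443, "drop"),
    ("2024-05-01T10:06:30", "192.0.2.200", "NL", "198.51.100.5", 443, "accept"),
    ("2024-05-01T10:07:00", "192.0.2.9", "US", "198.51.100.5", 443, "accept"),
    ("2024-05-01T11:30:00", "203.0.113.10", "RU", "198.51.100.9", 25, "drop"),
    ("2024-05-01T11:31:00", "192.0.2.9", "US", "198.51.100.9", 25, "accept"),
]

# Assumed baseline: countries each service normally accepts traffic from.
BASELINE = {("198.51.100.5", 443): {"US"}, ("198.51.100.9", 25): {"US"}}

def find_country_hopping(records, baseline, window_minutes=15, min_blocked=3):
    """Flag accepted connections from a country outside the service's baseline
    that follow geo drops from >= min_blocked countries within the window.
    Correlation is per destination service, because the source IP changes."""
    window = timedelta(minutes=window_minutes)
    recent_drops = defaultdict(deque)  # (dst, port) -> deque of (time, country)
    alerts = []
    for ts, src, country, dst, port, action in sorted(records):
        when = datetime.fromisoformat(ts)
        drops = recent_drops[(dst, port)]
        while drops and when - drops[0][0] > window:  # expire old drops
            drops.popleft()
        if action == "drop":
            drops.append((when, country))
        elif country not in baseline.get((dst, port), set()):
            blocked = {c for _, c in drops}
            if len(blocked) >= min_blocked:
                alerts.append({"time": ts, "src": src, "country": country,
                               "service": (dst, port),
                               "after_drops_from": sorted(blocked)})
    return alerts

if __name__ == "__main__":
    for alert in find_country_hopping(SAMPLE_LOG, BASELINE):
        print(alert)
```

Without the geo drops being logged there is nothing to correlate against, so the rule depends on the block list generating log entries rather than silently discarding traffic.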
