Blocking Is Not Just For Football

Blocking is used in football to prevent the opposing defense from tackling your quarterback or running back. In cybersecurity, blocking can be used to prevent attacks from malicious sources. Today and Friday we will look at several blocking tactics: IP blocking, geo-blocking, sender blocking, and domain blocking.

IP Blocking

Every time your computer connects to another computer or web server, there is an exchange of information, including each side's IP address. Blocking is sometimes known as blacklisting. If you block an IP address, you are adding it to a “blacklist” of IP addresses that your computer will refuse to connect with. The most aggressive type of IP blocking is to block everything except explicitly permitted sites and connections. This is known as “whitelisting.”

It is possible to subscribe to blacklist services that block connections to known-bad websites or email servers. One of my favorite website security products, Wordfence, provides automated IP blacklisting based on currently observed threats. In a recent blog post, Wordfence discusses the problem with IP blocking. The biggest issue is that attackers cycle through their source IP addresses quickly, with an average active time of 10 hours. Often the IP address an attacker is using belongs to another innocent victim whose web server or computer has been compromised and is being used to stage the attack. In other cases an anonymizing proxy such as Tor is in use, and the IP address you see is just one of several thousand Tor exit nodes. So manual IP address blocking, on its own, will not secure your computer, network, or website particularly well.

Geo Blocking

In the physical world, one of the security practices we all know is to avoid bad or dangerous neighborhoods. The US State Department issues travel advisories for countries deemed dangerous for travelers. Some of the same countries are dangerous from a cybersecurity standpoint, too.

Geo-blocking is a tactic that says: if you have no business need to allow connections from or to certain countries, block them. Cyber-crime hotbeds such as Russia, India, North Korea, and Vietnam spring to mind, but there are others. This is usually accomplished by blocking the entire IP address ranges that have been assigned by IANA (Internet Assigned Numbers Authority) to those countries. You can configure your website to block access by users (or attackers) in those countries. Again, this is an easy service to subscribe to: Wordfence and other popular website security products provide geo-blocking, most firewalls can do it, and most modern email systems allow for it as well. If you or your staff have no reason to connect to sites in other parts of the world, those countries can be blocked.
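To make the two tactics concrete, here is an added example (my own illustration, not Wordfence code or any vendor's product) of a small decision routine that combines an allowlist, a per-IP blocklist whose entries expire after the 10-hour average lifetime mentioned above, and country-level range blocking. The country-to-range mapping, the log lines, and the country codes XX/YY are constructed placeholders using RFC 5737 documentation ranges, not real allocations; a real deployment would take them from a geo-IP feed or the firewall vendor.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed stand-ins for country range lists (RFC 5737 TEST-NET ranges), NOT real allocations.
GEO_BLOCK_RANGES = {
    "XX": [ipaddress.ip_network("203.0.113.0/24")],
    "YY": [ipaddress.ip_network("198.51.100.0/24")],
}
# The "whitelist": ranges you have a business need to talk to (constructed).
ALLOW_RANGES = [ipaddress.ip_network("192.0.2.0/25")]
# Per-IP blocks expire, because attacker source IPs are short-lived (avg ~10 hours).
BLOCK_TTL = timedelta(hours=10)


class Blocker:
    def __init__(self, default_deny=False):
        # default_deny=True is "whitelisting": block everything not explicitly allowed.
        self.default_deny = default_deny
        self._blocked = {}  # IPv4Address/IPv6Address -> time the block was added

    def block_ip(self, ip, when):
        self._blocked[ipaddress.ip_address(ip)] = when

    def decide(self, ip, now):
        addr = ipaddress.ip_address(ip)
        # 1. Explicit allowlist wins, so a partner inside a blocked country still works.
        if any(addr in net for net in ALLOW_RANGES):
            return ("allow", "allowlist")
        # 2. Per-IP blocklist, ignoring stale entries older than BLOCK_TTL.
        added = self._blocked.get(addr)
        if added is not None and now - added <= BLOCK_TTL:
            return ("deny", "ip-blocklist")
        # 3. Geo-block: deny anything inside a blocked country's ranges.
        for country, nets in GEO_BLOCK_RANGES.items():
            if any(addr in net for net in nets):
                return ("deny", "geo:" + country)
        # 4. Fall through to the policy default.
        return ("deny", "default-deny") if self.default_deny else ("allow", "default-allow")


# Constructed web-server log lines: "<timestamp> <source-ip> <method> <path>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.7 GET /wp-login.php
2024-01-01T10:00:01 192.0.2.10 GET /
2024-01-01T10:00:02 198.51.100.9 POST /xmlrpc.php
2024-01-01T10:00:03 192.0.2.200 GET /about
"""


def triage(log, blocker, now):
    """Return (ip, verdict, reason) for every line of the log."""
    results = []
    for line in log.splitlines():
        _, ip, *_ = line.split()
        verdict, reason = blocker.decide(ip, now)
        results.append((ip, verdict, reason))
    return results
```

Run `triage(SAMPLE_LOG, Blocker(), datetime.now())` to see one verdict per line; switching to `Blocker(default_deny=True)` shows how whitelisting denies the last, unlisted address.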

Geo-blocking is quite effective, and has become one of the go-to tactics for cybersecurity and network professionals to deploy. On Friday we will discuss sender blocking and domain blocking, and how they might fit into your cybersecurity practices.

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and at many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.