Blocking Is Not Just For Football

Blocking is used in football to prevent the opposing defense from tackling your quarterback or running back.  In cybersecurity, blocking can be used to prevent attacks from malicious sources.  Today and Friday we will look at several blocking tactics: IP blocking, geo-blocking, sender blocking, and domain blocking.

IP Blocking

Every time your computer connects to another computer or web server, there is an exchange of information that happens, including an exchange of IP address information.  Blocking is sometimes known as blacklisting.  If you block an IP address, you are adding it to a “blacklist” of IP addresses that your computer will refuse to connect with. The most aggressive type of IP blocking would be to block everything, except for identified permitted sites and connections.  This is known as “whitelisting.”

It is possible to subscribe to blacklist services for blocking connections to websites or email servers.  One of my favorite website security products, Wordfence, provides automated IP blacklisting based on current observed threats.  In a recent blog post, Wordfence discusses the problem with IP blocking.  The biggest issue is that attackers tend to cycle through their source IP addresses rather quickly, with the average active time being 10 hours.  Often, the IP address being used by an attacker is the IP address of another innocent victim whose web server or computer is being used to stage an attack.  In other situations, an anonymizing proxy service such as Tor is being used, and the IP address you see is just one of several thousand Tor exit nodes.  So manual IP address blocking will not help secure your computer, network, or website particularly well.

Geo Blocking

In the physical world, one of the security practices that we all know is to avoid bad or dangerous neighborhoods.  The US State Department issues travel advisories for countries deemed dangerous for travelers.  Some of the same countries are dangerous from a cybersecurity standpoint, too.

Geo-blocking is a tactic that basically says if you don’t have a business need to allow connections from or to these countries, then we will block access to those countries.  Cyber-crime hotbeds such as Russia, India, North Korea, and Vietnam spring to mind, but there are others.  This is usually accomplished by blocking entire IP address ranges or classes that have been assigned by IANA (Internet Assigned Numbers Authority) to those countries.  You can set up security on your website to block access to your website by users (or attackers) in those countries.  Again, this is an easy service to subscribe to.  Wordfence and other popular website security products will provide geo-blocking.  This can be accomplished on most firewalls too.  Most modern email systems allow for geo-blocking as well.  If you or your staff have no reason to connect to sites in other parts of the world, those countries can be blocked.
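The IP blocking and geo-blocking decisions described above can be sketched as one filter. This is an added example, not code from this post or from Wordfence; the addresses are constructed samples from documentation ranges, the country codes "XX" and "YY" and the range table are placeholders, and the 24-hour expiry is an assumption chosen because attacker addresses rotate quickly.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample data (RFC 5737 documentation ranges, placeholder countries).
ALLOWLIST = [ipaddress.ip_network("192.0.2.10/32")]   # a known business partner
GEO_BLOCKED = {"XX"}                                   # countries with no business need
GEO_RANGES = {                                         # hypothetical country-to-range table
    "XX": [ipaddress.ip_network("198.51.100.0/24")],
    "YY": [ipaddress.ip_network("203.0.113.0/24")],
}
BLOCK_TTL = timedelta(hours=24)  # assumption: stale entries mostly hit innocent hosts


class Blocklist:
    """IP blocklist whose entries expire instead of accumulating forever."""

    def __init__(self):
        self._entries = {}  # network -> expiry time

    def add(self, cidr, now):
        self._entries[ipaddress.ip_network(cidr)] = now + BLOCK_TTL

    def prune(self, now):
        """Drop expired entries and return how many were removed."""
        before = len(self._entries)
        self._entries = {n: e for n, e in self._entries.items() if e > now}
        return before - len(self._entries)

    def matches(self, addr, now):
        return any(addr in n and e > now for n, e in self._entries.items())


def country_of(addr):
    """Look up the (placeholder) country whose range contains addr."""
    for code, nets in GEO_RANGES.items():
        if any(addr in n for n in nets):
            return code
    return None


def decide(ip, blocklist, now):
    """Return the verdict and the rule that produced it."""
    addr = ipaddress.ip_address(ip)
    if any(addr in n for n in ALLOWLIST):       # explicit permits win
        return "allow:allowlist"
    if blocklist.matches(addr, now):            # time-limited IP block
        return "deny:ip-blocklist"
    if country_of(addr) in GEO_BLOCKED:         # whole-country range block
        return "deny:geo"
    return "allow:default"
```

Returning the matching rule with each verdict makes it easy to log why a connection was refused and to spot allowlist entries that are masking a block.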

Geo-blocking is quite effective, and has become one of the go-to tactics for cybersecurity and network professionals to deploy.  On Friday we will discuss sender blocking and domain blocking, and how they might fit into your cybersecurity practices.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com