GeoIP filtering can be a powerful form of security, but only if used correctly.
GeoIP filtering, a technology that can block web traffic from entire countries, can be an effective way to stop hackers from attacking your business. As the name suggests, it blocks network connections based on geographic location, which it infers from IP addresses. It can be applied to both incoming and outgoing connections, to and from your business.
The fact is, cyber crime is a growing business with worldwide reach, and a typical UK company might find itself being attacked by hackers from almost anywhere on the planet at any time. Yet the majority of attacks come from just a few main countries, including Russia, Brazil and China. Logically, then, it makes sense to simply cut off access to your computers and networks from those locations.
At TMB, for example, we’re able to set up the SonicWall firewalls we supply to do just this, and it’s something we often recommend for our customers. Yet there are also situations when it’s not so useful – at least not without some additional configuration.
If your business is entirely UK based, and you have no reason to accept incoming online communications from other countries, then whole-country geoIP filtering makes perfect sense. But if you deal with customers from abroad or you want people from other countries to access your website, then you have to think more carefully about who you can block.
Furthermore, even if you don’t deal with customers from overseas, chances are you’re using software or online services that are hosted outside the UK, such as webmail or web hosting. In any case, you’ll need to allow these through your firewall too.
That might, for instance, mean allowing traffic from the US – potentially a bit of a problem when you consider how much malicious internet traffic originates from there. But even so, there are many other nations you can block, which you have no reason to accept connections from, and it’s here that geoIP filtering is worth its weight in gold.
While simply cutting off entire countries can be quick and effective, it often makes more sense to tweak geoIP filtering settings to make your web blocking more sophisticated. You might, perhaps, block only certain IP addresses, certain ranges of IPs or lists of IPs known to be malicious. Or, if you do go ahead and block a whole country, you can create rules in your firewall that make exceptions and allow trusted (white-listed) IP addresses to access your systems.
Such tweaking can also be helpful if you have staff travelling abroad, whether for work or pleasure. If you want them to be able to access your business network while they're away, then you can temporarily stop blocking the country they've gone to or whitelist their IP.
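The rule order described above, sketched as an added example (this is not TMB's or SonicWall's configuration): trusted-IP exceptions are checked first, then known-bad ranges, then the country block, with a dated exception for a travelling employee. The address ranges are documentation ranges with constructed country assignments, and the precedence order and the names GEO_DB and decide are assumptions; check the order your own firewall applies.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed sample data: documentation ranges with made-up country codes.
# A real firewall uses a vendor-maintained GeoIP database instead.
GEO_DB = {
    ipaddress.ip_network("192.0.2.0/24"): "GB",
    ipaddress.ip_network("198.51.100.0/24"): "RU",
    ipaddress.ip_network("203.0.113.0/24"): "BR",
}
BLOCKED_COUNTRIES = {"RU", "BR", "CN"}
# A known-bad range that sits inside an otherwise allowed country.
BLOCKED_NETS = [ipaddress.ip_network("192.0.2.128/25")]
# Exceptions as (network, expiry); expiry None means permanent.
ALLOWLIST = [
    (ipaddress.ip_network("198.51.100.10/32"), None),  # trusted partner
    (ipaddress.ip_network("203.0.113.77/32"),          # travelling employee
     datetime(2030, 1, 15, tzinfo=timezone.utc)),
]

def country_of(ip):
    """Return the country code for an address, or None if it is not in GEO_DB."""
    for net, code in GEO_DB.items():
        if ip in net:
            return code
    return None

def decide(addr, now):
    """Return (action, reason) for one source address at time `now`."""
    ip = ipaddress.ip_address(addr)
    # 1. Unexpired allowlist entries override everything else (assumed order).
    for net, expires in ALLOWLIST:
        if ip in net and (expires is None or now < expires):
            return ("allow", "allowlisted")
    # 2. Known-bad ranges are denied even when their country is allowed.
    if any(ip in net for net in BLOCKED_NETS):
        return ("deny", "blocklisted range")
    # 3. Whole-country block.
    code = country_of(ip)
    if code in BLOCKED_COUNTRIES:
        return ("deny", f"country {code}")
    # 4. Default allow; addresses with no GeoIP match also land here.
    return ("allow", f"country {code or 'unknown'}")

if __name__ == "__main__":
    during_trip = datetime(2030, 1, 10, tzinfo=timezone.utc)
    for a in ("192.0.2.5", "192.0.2.200", "198.51.100.10", "198.51.100.11", "203.0.113.77"):
        print(a, decide(a, during_trip))
```

Once the expiry date passes, the traveller's address falls back to the country rule without anyone having to remember to remove the exception.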
Like any security measure, geoIP filtering has its limitations. As well as potentially blocking legitimate online traffic, it won't be able to prevent a targeted attack, because criminals can easily hide their location. Although they might be based in one country, they can launch their attacks from servers and compromised computers in other locations. That means, of course, they could attack you from the UK or other places that aren’t included in your geoIP filtering.
In the end, there’s very little you can do about that, and geoIP filtering should be considered just one tool in your cyber security arsenal, to be used in conjunction with other technologies and methods. It won’t stop everything, but if used correctly, it’s often better to have it switched on than not.