If I have specific foreign domains that need SSL I will exempt those as needed. Outbound to all other countries IPs, okay for HTTP only. (Previously this rule allowed outbound to any country other than Iran and Syria). HTTP, HTTPS, FTP, FTPS, some streaming protocols. Outbound to USA IPs, okay for a select number of services. My mail server only talks to them so there is a rule for that. Just starting the other day I decided to setup rules for the following (using Geolocation): I use an enterprise spam filter so that eliminates me needing to worry about random countries we need to email.
The other thing to keep in mind is, some countries, such as China, simply pose too great a threat to US based networks, so blocking them en masse is a logical security measure, however, blocking them may be a misplaced security measure and provide you with a false sense of security, as often the route taken is not a direct route. If you would rather just jump to denying access to a wide range of IPs, i still recommend you go through your logs on a regular basis and watch for how effective your rules are, and perhaps how they can be tweaked and fine-tuned. If you are receiving laborous traffic from an IP, regardless of where it is based, first consider an individual IP block, then consider a subnet block, then perhaps a larger block. The other recommendation i have is that you use your own traffic logs as a sounding board for what IPs to block, be it an individual IP or a country block, or an entire continent. As such, be aware of any policies or such which you may be required to follow in regards to blocking large. Your profile shows you are finance, and may work for a bank of some type.
0 kommentar(er)
