IP address access control lists are not as great as you think they are

There ain’t no party like a TCP retry party

Scope

External IP addresses

Purpose

The problem (what we are currently doing)

We try and identify the IP address ranges

We never truly understand what is behind these ranges because we can’t see behind them

We assume what is behind them is ‘good’

Thus, we incorrectly attribute trust

IP addresses as one indicator in defensive depth (how we should use/trust external IP addresses in ACLs)

Try and identify the IP address ranges

Understand IP addresses are just a mild indicator for potential trust

Consider the use-cases

Implement defensive depth

  • log access/activity
  • monitor access/activity
  • actual authentication (client certificates, magic links, usernames/passwords, single/same sign-on, multi-factor authentication, etc.)
  • actual authorisation
  • build in defences against denial of service attacks, brute force attempts and credential stuffing

Filter out the noise if it still makes sense to do so
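
One way to apply the steps above, as an added example that is not from the original article: the source range is recorded and used only to tune how quickly failed attempts are throttled, while authentication and authorisation are required from every address. The ranges (RFC 5737 documentation blocks), thresholds and function names are constructed for illustration.

```python
import ipaddress
import logging

log = logging.getLogger("access")

# Constructed sample ranges (RFC 5737 documentation blocks) standing in for
# the external ranges we believe we have identified.
KNOWN_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Hypothetical thresholds: failed logins tolerated per source before throttling.
FAILURE_LIMIT_KNOWN = 10
FAILURE_LIMIT_UNKNOWN = 3


def ip_is_known(addr: str) -> bool:
    """True if addr falls inside one of the identified ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in KNOWN_RANGES)


def decide(src_ip, authenticated, authorised, recent_failures):
    """Return (decision, reason). A known range never grants access by itself."""
    known = ip_is_known(src_ip)
    # The IP signal only filters noise: unknown sources are throttled sooner.
    limit = FAILURE_LIMIT_KNOWN if known else FAILURE_LIMIT_UNKNOWN
    if recent_failures >= limit:
        result = ("throttle", "too many failed attempts")
    elif not authenticated:
        result = ("deny", "authentication required")
    elif not authorised:
        result = ("deny", "not authorised")
    else:
        result = ("allow", "authenticated and authorised")
    # Log every decision, with the IP signal recorded for monitoring.
    log.info("src=%s known_range=%s decision=%s reason=%s", src_ip, known, *result)
    return result
```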

So, what are you saying?

Can we have some real-world examples?


The thin blue line between technology and everything else. joelgsamuel.com

Joel Samuel
