GEO IP Blocking Helps, but Doesn't Cure

May 20, 2021


GEO IP blocking prevents locations of your choosing from accessing your network, sending emails to you, or accessing your cloud services, and can protect against international cybersecurity attacks. It can also be used to block outbound connections (those coming from your network) to certain regions. Sounds great, right?

You may think, 'We are in the US and only do business with those in the US, so one quick firewall configuration later we are protected.' If only it were that easy. GEO IP blocking is just a single layer of a multilayered security strategy. If you are thinking about focusing on GEO IP alone, here are some considerations:


It's easy to get around GEO IP Blocks

In the vast majority of cases all that is needed to avoid a GEO IP block is to hide or disguise your IP address. The following methods are frequently used to bypass GEO IP Blocks:

● Virtual Private Network (VPN) - VPN services allow anyone from anywhere to pick an IP from a location that they specify. For example, you may have Australia blocked from your business located in the United States. However, a website visitor can use a VPN service to make their IP address appear as if they live in the United States. This makes it easy for even novices to hide their true location.
● Proxy Servers - Proxy servers are another useful method for people who want to hide their true location. Instead of changing the IP address of the user, the server retrieves content for the user and then passes it on to them.
● Browser Plugins - There are free and paid browser plugins, installable in a couple of clicks, that act as a VPN.

Advanced hackers are not using IPs from their location

If it is easy for even a non-tech-savvy user to hide their location, then a skilled hacker will be smart enough to conceal theirs. In fact, in most cases they are using IPs that are from the United States. So blocking a country does not necessarily get rid of the attackers who reside in the locations that you do not want to have access to your network. Attackers most often do this by using a compromised system already located in the local area as a proxy for their activities.

You could inadvertently be making it difficult for your customers to reach you

There may be instances where a customer's technology appears to be located in a country that you blocked. For example, the customer that you are doing business with may be United States based, but the technology provider they are using may have an IP address based in a country that you have blocked. Also, Geo IP database listings are not always accurate. It is critical that you assess and monitor the various IP destinations and sources used in your business before Geo IP blocking is implemented.
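
A dry run of the assessment described above, as an added example that is not from the original article: it replays connection logs against a proposed country block list and reports which flows would be dropped, which of those belong to known business services, and which addresses the database cannot place. The prefix table, log format and service labels are constructed assumptions; a real audit would use an actual Geo IP database and your own firewall logs.

```python
import ipaddress
from collections import Counter

# Constructed prefix-to-country table standing in for a real Geo IP database.
# Prefixes are RFC 5737 documentation ranges; the country codes are invented.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "AU"),
    (ipaddress.ip_network("203.0.113.0/25"), "DE"),
    (ipaddress.ip_network("203.0.113.128/25"), "AU"),
]

# Constructed firewall log: direction, remote IP, hypothetical service label.
SAMPLE_LOG = """\
in 192.0.2.10 web
in 198.51.100.7 web
out 203.0.113.200 payroll-saas
in 203.0.113.5 smtp
out 198.51.100.7 crm-api
in 10.9.9.9 web
"""

def country_of(ip):
    """Longest-prefix match; returns None when the table has no entry."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, cc) for net, cc in GEO_TABLE if addr in net]
    return max(hits)[1] if hits else None

def dry_run(log_text, blocked, business_services):
    """Report what a proposed block list would drop, without enforcing it."""
    report = {"would_block": Counter(), "business_impact": [], "unknown": []}
    for line in log_text.splitlines():
        direction, ip, service = line.split()
        cc = country_of(ip)
        if cc is None:
            report["unknown"].append(ip)  # flag for manual review
        elif cc in blocked:
            report["would_block"][(direction, cc)] += 1
            if service in business_services:  # a block here breaks real work
                report["business_impact"].append((direction, ip, cc, service))
    return report

if __name__ == "__main__":
    result = dry_run(SAMPLE_LOG, blocked={"AU", "DE"},
                     business_services={"payroll-saas", "crm-api"})
    for key, value in result.items():
        print(key, value)
```

Entries under `business_impact` are the ones to resolve (an allow-list exception or a vendor conversation) before the block list is enforced.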

Is it worth it?

Absolutely! While GEO IP blocking alone cannot block international cyber criminals entirely, it is a critical part of your layered security model. Many command and control servers and bad actors still use infrastructure local to their native country, and GEO IP databases are largely accurate. With proper planning and ongoing monitoring, GEO IP blocking can be a great help in enhancing your overall security posture.

There also may be agreements that you have with your company's vendors that prevent your service or product from being available in certain locations. Different locations are subject to different laws and regulations that further contribute to the need to have restrictions on who has access to your company's network. In this case, GEO IP Blocking can assist you in controlling where your content or services are available allowing you to abide by various agreements and

GEO IP Blocking is extremely effective in reducing malicious activity, but be aware that threats can still access your network.

A comprehensive multi-layered cybersecurity approach is the only way to provide your company the security that it needs.


