[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Allowing network access only to US subnets

Posted on 2006-10-25
6
Medium Priority
?
310 Views
Last Modified: 2010-04-11
Is there a way to allow access to my network only from specific US subnets?  Is there some kind of list or at least some software or hardware device that will enable me to maintain an IP address access list so my website/FTP site can't be accessed from any IP address other than a US based address?  My router only has the ability to block/allow up to 10 or 20 address ranges so I may need another solution.  Any help will be greatly appreciated!
0
Comment
Question by:mbbuechler
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 18

Assisted Solution

by:PowerIT
PowerIT earned 800 total points
ID: 17803402
0
 

Author Comment

by:mbbuechler
ID: 17803497
OK, this is interesting and very helpful.  However, I think I need a bit more help to utilize this database.  I'm assuming I can't use my router (a D-Link DGL-4300) to reference this list.  Is there a router that can use ad-hoc IP address lists for blocking subnets?  (I need an actual hardware solution)  Or, is there a way (at least) to use some software on my server to prevent access to services like FTP, IIS, etc. using this database?
0
 

Expert Comment

by:naveen_b81
ID: 17809814
any cisco router will be able to block you to specific ip addresses/ subnets. or any router with firewall capabilities can do the blocking. I am not sure whether your DLINK model has that capability.
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 

Author Comment

by:mbbuechler
ID: 17810929
Well, my router supports this but has a limit of 20 entries in the database I think - not nearly enough to allow only ALL U.S. subnets.  I'm looking for a solution that will allow hundreds of entries and that will be easy to maintain by allowing a global update of the allow/block lists.  Does something like that exist?
0
 
LVL 24

Accepted Solution

by:
SunBow earned 1200 total points
ID: 17815580
No. And the list or ".us" is a larger set than only Con_us. Still, better to disable all, then reenable as used.

Where most of what you want blocked is based upon a port or two, those can easily be easilt blocked. Block all the FTP traffic, for example. You can also move server back a step to alternative subnet.
0
 

Author Comment

by:mbbuechler
ID: 17818332
SunBow - that's the answer I was looking for.  Thanks for the feedback.  Also, thanks to PowerIT for the great information!  I'll be splitting points on this one - thanks again!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question