[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 311
  • Last Modified:

Allowing network access only to US subnets

Is there a way to allow access to my network only from specific US subnets?  Is there some kind of list or at least some software or hardware device that will enable me to maintain an IP address access list so my website/FTP site can't be accessed from any IP address other than a US based address?  My router only has the ability to block/allow up to 10 or 20 address ranges so I may need another solution.  Any help will be greatly appreciated!
0
mbbuechler
Asked:
mbbuechler
2 Solutions
 
mbbuechlerAuthor Commented:
OK, this is interesting and very helpful.  However, I think I need a bit more help to utilize this database.  I'm assuming I can't use my router (a D-Link DGL-4300) to reference this list.  Is there a router that can use ad-hoc IP address lists for blocking subnets?  (I need an actual hardware solution)  Or, is there a way (at least) to use some software on my server to prevent access to services like FTP, IIS, etc. using this database?
0
 
naveen_b81Commented:
any cisco router will be able to block you to specific ip addresses/ subnets. or any router with firewall capabilities can do the blocking. I am not sure whether your DLINK model has that capability.
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
mbbuechlerAuthor Commented:
Well, my router supports this but has a limit of 20 entries in the database I think - not nearly enough to allow only ALL U.S. subnets.  I'm looking for a solution that will allow hundreds of entries and that will be easy to maintain by allowing a global update of the allow/block lists.  Does something like that exist?
0
 
SunBowCommented:
No. And the list or ".us" is a larger set than only Con_us. Still, better to disable all, then reenable as used.

Where most of what you want blocked is based upon a port or two, those can easily be easilt blocked. Block all the FTP traffic, for example. You can also move server back a step to alternative subnet.
0
 
mbbuechlerAuthor Commented:
SunBow - that's the answer I was looking for.  Thanks for the feedback.  Also, thanks to PowerIT for the great information!  I'll be splitting points on this one - thanks again!
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now