Are you geo-blocking traffic from Russia? Do you consider geo-blocking to be an effective method?

231 views
12 comments
5 upvotes
Anonymous Author
We are not actively doing it yet, but we are staying alert to the situation and monitoring the traffic, anomalies and threats. In my view geo-blocking is not very useful and the protection it offers is very basic, which IPv6 and a good VPN tool can get around.
5 upvotes
Anonymous Author
We're not geo-blocking traffic from Russia at the moment, mainly because a targeted attack would be bounced via another territory so it wouldn't be effective. 
5 upvotes
Anonymous Author
Geo-blocking is great for IPv4, but sadly IPv6 usage is increasing and doesn't really get fenced. We've actually found that in most cases our firewall was simply trying to block all IPv6 traffic, so we had to make rules to simply allow any IPv6 to stop key remote users losing access to systems.
3 upvotes
Anonymous Author
I work for a higher education institution, and we have a very diverse population of international students, including Russian students. A few thoughts here:
1) Implementing geo blocking / geo controls for those students / customers that are not at the helm of this war is not appropriate. Adding additional layers of controls, such as MFA restrictions, would also be targeting a group of people that would not necessarily deserve these additional hoops.
2) Geo blocking is ineffective against the real threats we are seeing and will see from Russia. The cyber tactics used by the advanced cohort of attackers will not blatantly come from their home soil IP addresses. As with any attack, they will bounce across multiple nodes and servers to mask their true identity / location. By the time your geo blocking effectively blocks some honest Russian traffic, you're already being hit from other areas originating from Russia (unbeknownst to you).
3) Until all countries decide to block all traffic from Russia, this will be an ineffective mechanism. Even if we all block them on the pipe, there will still be alternate routes to get that traffic around (satellite for example).
What we are doing as an institution is continuing our defense in depth strategy which includes multi factor authentication, advanced / heightened monitoring, continuous pentesting to close any holes, and other controls based on our cybersecurity strategy and roadmap. Hope that helps give some insight.
3 upvotes
Anonymous Author
No. We are a university and this would really just negatively impact Russian students and faculty while providing minimal extra benefit for our use case, as the malicious actors could just hop to a server elsewhere.
3 upvotes
Anonymous Author
Yes we do, all the countries we do not do business with. It's a best practice but won’t stop a targeted attack (it's easy to bypass and launch the attack from another country), but in the layered approach of security, i.e. defence in depth, it plays a role and should be implemented.
2 upvotes
Anonymous Author
Not doing now, but just analyzing. No serious damage would occur from Russia-driven IPs - they would use jump IPs for sure.
2 upvotes
Anonymous Author
Yes, we are geo-blocking any country which we do not do business with. It is a good first step for us to block unwanted and suspicious activity to our tenant.
2 upvotes
Anonymous Author
Currently no. Not blocking. I have always found geo blocking to be more like a sign which says "no entry". If someone really wants to get around it they will. But I can understand why some people do though. A layered approach to security is never a bad thing!
2 upvotes
Anonymous Author
We are not geo-blocking traffic. We use other tools to protect ourselves. Geo-blocking can be effective in the right type of organisation. Each organisation should do its own risk assessment before embarking on each type of protection. What may be effective for one company may give false hope to another.
2 upvotes
Anonymous Author
Yes, we do block; however, the system is not perfect and can easily be bypassed. IPv6 makes matters more complicated. People who access from business systems with internet breakout all over the world can easily get caught up as a false positive. Mobile data networks can also be problematic as their actual point of presence is hard to confirm.
2 upvotes
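The IPv6 gap raised in two of the comments above (a geo list that only fences IPv4, and a firewall that then either drops or allows all IPv6), as an added example that is not part of the thread: a coverage audit showing which client verdicts come from the list and which come from the fallback policy. The prefixes, client addresses and function names are constructed for illustration, using documentation address ranges.

```python
import ipaddress

# Constructed geo-block list; documentation prefixes stand in for a country feed.
GEO_BLOCK_V4_ONLY = ["203.0.113.0/24", "198.51.100.0/24"]
GEO_BLOCK_DUAL = GEO_BLOCK_V4_ONLY + ["2001:db8:1::/48"]

# Constructed client addresses, as they might appear in an access log.
CLIENTS = ["203.0.113.7", "192.0.2.10", "2001:db8:1::5",
           "2001:db8:2::9", "::ffff:203.0.113.7"]


def audit(clients, block_list, uncovered_policy):
    """Return {client: verdict} for a geo-block list.

    uncovered_policy ("allow" or "deny") is what the firewall does with an
    address family that the list has no prefixes for.
    """
    nets = [ipaddress.ip_network(cidr) for cidr in block_list]
    families = {net.version for net in nets}
    verdicts = {}
    for client in clients:
        ip = ipaddress.ip_address(client)
        # Match IPv4-mapped IPv6 (::ffff:a.b.c.d) as the embedded IPv4 address.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        if ip.version not in families:
            verdicts[client] = f"uncovered:{uncovered_policy}"
        elif any(ip in net for net in nets if net.version == ip.version):
            verdicts[client] = "blocked"
        else:
            verdicts[client] = "allowed"
    return verdicts


def uncovered(verdicts):
    """Clients whose outcome came from the fallback policy, not the list."""
    return sorted(c for c, v in verdicts.items() if v.startswith("uncovered"))


if __name__ == "__main__":
    for name, rules, policy in [("v4 list, IPv6 denied", GEO_BLOCK_V4_ONLY, "deny"),
                                ("v4 list, IPv6 allowed", GEO_BLOCK_V4_ONLY, "allow"),
                                ("dual-stack list", GEO_BLOCK_DUAL, "deny")]:
        print(name, audit(CLIENTS, rules, policy))
```

A non-empty `uncovered()` result means the geo rule is not making the decision for those clients: with "deny" legitimate IPv6 users are locked out, and with "allow" the list is skipped for them entirely.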
Anonymous Author
Nope :)
1 upvote