We want to reduce the number of phishing sites that our users can get to. Would it be useful or more problematic to block outbound connections by geo IP? We already block many inbound connections by country. I know it won't block all phishing sites.
Asked
Active
Viewed 277 times
3
-
1There are related questions. The concerns about impacts on inbound traffic will be similar to outbound traffic: https://security.stackexchange.com/questions/201617/country-blocking?rq=1 and https://security.stackexchange.com/questions/72230/is-blocking-a-countrys-access-to-a-website-a-good-measure-to-avoid-hackers-from?noredirect=1&lq=1 – schroeder Feb 11 '19 at 21:22
1 Answers
3
I worked in a company that considered this. Here's the problem: if any of your employees have any legitimate need to access sites from those countries; news from home, travel to those countries, etc, then you block that legitimate access, too.
If you look at the "usual suspects" and name Russia and China as common phishing site hosting locations, then by making a corporate decision to block any internet traffic to those countries, you set up a prejudicial environment in your workplace at a corporate level about the people from those countries. Please consult your HR department before considering implementing this.
There are lots of other ways to block phishing sites and if you consider the human effects, those other ways tend to have less tangential impact.
schroeder
- 123,438
- 55
- 284
- 319