In a scenario where your SMB or enterprise gets constantly bombarded
(portscans, brute force, spam, etc.) by Russia, China, Brazil, et al., and
where you don’t do business in these countries, where’s the best place to
block them?
Here are a few options (add as necessary):
-
Border router ACL
-
Firewall ACL
-
Separate, dedicated appliance
-
Network IPS
-
Border router routing (blackholing)
This is also assuming you can’t do a simple, tight whitelist ACL on
the firewall–which would make the solution pretty easy–and instead have to
specifically blacklist because there are a large number of legitimate
foreign IP blocks.
Related: Do you guys blacklist at a granular level (hundreds or thousands of
networks), or do you do only the few primary /8’s?
What are your thoughts on the best method?
0 responses on "Why Some Businesses Require You to Sign Your Credit Card Receipt and Others Don’t"