Should you block connections from foreign countries?
I am currently outside the US trying to log in to my health care provider's website and the connection just times out. I reached out to them on Twitter and they told me that as a security measure they block connections from outside of the US and suggest I use a VPN.
So great, I can use a VPN to solve my problem. But I am curious, is there any real security advantage to this sort of IP address blocking? I am a geek (web developer), but not a security specialist so I am sure I am missing something, but it seems to me that if I can use a VPN to connect from Europe then any reasonable hacker would just do the same thing.
Answer:
The concept is "reducing the threat surface". If there is an expectation that no connections will be made from a certain geographic area, then it makes sense to block that area, because, by definition, it is not legitimate. In theory. (For a health provider, it's a weird choice since customers might want to manage their health while travelling, but this is a side issue.) For one company I worked for, there was a list of countries that listed the Top 12 worst offenders for cybercrime, and we did not have any customers in those countries. So, it made sense to block them.
Could attackers use proxies/VPNs to attack from an allowed IP? You bet.
Did they? Who knows. Did we experience high volumes of attacks from those 12 countries anyway? Oh yes. We saw an immediate 80% drop in traffic to our web servers when we started the geo-IP ban.
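An added example, not part of the original answer: a dry run of a geo-IP allowlist over access logs, reporting both sides of the trade-off discussed above, how much traffic the ban would drop and which logged-in customers (like the traveller in the question) it would lock out. The prefix-to-country table, the `XA`/`XB` codes, the log lines and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed prefix-to-country table (documentation ranges, made-up mapping;
# "XA"/"XB" are placeholder codes). A real deployment would use a geo-IP database.
GEO_TABLE = [(ipaddress.ip_network(n), cc) for n, cc in [
    ("192.0.2.0/24", "US"), ("198.51.100.0/24", "XA"), ("203.0.113.0/24", "XB")]]

# Constructed log lines: client IP, ident, user ("-" = none), time, request, status.
SAMPLE_LOG = """\
192.0.2.10 - alice [01/Jan/2024:10:00:00 +0000] "GET /portal HTTP/1.1" 200
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "POST /login HTTP/1.1" 401
198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "POST /login HTTP/1.1" 401
198.51.100.9 - bob [01/Jan/2024:10:00:04 +0000] "GET /portal HTTP/1.1" 200
203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "GET /admin HTTP/1.1" 404
2001:db8::1 - - [01/Jan/2024:10:00:06 +0000] "GET / HTTP/1.1" 200
192.0.2.10 - alice [01/Jan/2024:10:00:07 +0000] "GET /records HTTP/1.1" 200
""".splitlines()

LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "[^"]*" (\d{3})$')

def country_of(ip):
    """Return the country code for ip, or None if unparseable or not in the table."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    return next((cc for net, cc in GEO_TABLE if addr in net), None)

def geo_block_impact(lines, allowed=frozenset({"US"}), block_unknown=True):
    """Dry-run a geo-IP allowlist over access-log lines before enforcing it."""
    total = dropped = 0
    by_country, locked_out = Counter(), set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse
        ip, user, status = m.groups()
        total += 1
        cc = country_of(ip)
        if cc in allowed or (cc is None and not block_unknown):
            continue  # this request would still be served
        dropped += 1
        by_country[cc or "unknown"] += 1
        if user != "-" and status.startswith("2"):
            locked_out.add(user)  # a logged-in customer the ban would cut off
    return {"total": total, "dropped": dropped, "share": dropped / total if total else 0.0,
            "by_country": dict(by_country), "locked_out_users": sorted(locked_out)}
```

`block_unknown` decides what happens to addresses the table cannot place (here the IPv6 client): dropping them is the stricter choice, serving them avoids cutting off customers the database simply does not know.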