Risks associated with IP whitelisting



  • I was told that IP whitelisting should not be considered safe and is hence obsolete.

    I fail to understand why this statement holds: can IPs be impersonated? If not, then why is it a bad/obsolete way of securing a service? (assuming the traffic can't be sniffed)



  • As with many/most/all things in security, this will depend on the threat model of the service(s) you're looking to protect.

    The downside of IP address whitelisting as a single control is that it assumes that you can trust all the traffic that comes from the white-listed addresses, which is often not a great assumption to make, especially on larger networks. On a smaller network where you control all the endpoints though, it might be a reasonable control to use.

    Also, it's often not a bad control layer to use as part of an overall security plan. For example, white-listing on the Internet, where you're only expecting traffic from a small number of source IP addresses, can cut a load of noise and random attacks off from targeting your service.

    To provide one example of why you may not want to rely solely on white-listing, imagine a scenario where you white-list a network for access to a service, and then within the white-listed network, someone starts a proxy server. Now untrusted users can use that proxy server to access your service.
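
The proxy scenario from the answer above, as an added example that is not part of the original thread: the same request is judged by an allowlist-only check and by an allowlist layered with per-client authentication. The network range, client name, key and function names are constructed assumptions, and HMAC request signing stands in for whatever authentication the service actually uses.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
CLIENT_KEYS = {"billing-app": b"constructed-demo-key"}


def ip_allowed(src_ip: str) -> bool:
    """Layer 1: coarse network filter. It says nothing about who sent the request."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_NETS)


def sign(client_id: str, body: bytes) -> str:
    """What a legitimate client holding its key computes for each request."""
    return hmac.new(CLIENT_KEYS[client_id], body, hashlib.sha256).hexdigest()


def signature_valid(client_id: str, body: bytes, sig: str) -> bool:
    """Layer 2: per-client authentication, independent of the source address."""
    key = CLIENT_KEYS.get(client_id)
    if key is None:
        return False
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(expected.encode(), sig.encode())


def authorize(src_ip, client_id, body, sig, allowlist_only=False):
    """Return the access decision for one request as a short string."""
    if not ip_allowed(src_ip):
        return "deny: source address not allowlisted"
    if allowlist_only:
        # Single control: every host in the allowlisted range is trusted,
        # including a proxy relaying traffic for users outside it.
        return "allow"
    if not signature_valid(client_id, body, sig):
        return "deny: authentication failed"
    return "allow"
```

A request arriving from a proxy inside `203.0.113.0/24` without a valid signature is allowed when `allowlist_only=True` and denied when both layers are enforced, while a request from outside the range is dropped before authentication is evaluated at all.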

