Global Access Control: Blocking High-Risk Regions

Introduction

Purpose

This document outlines the measures we take to secure critical and sensitive company resources and to block access to them from certain regions and countries around the world. The restrictions are based primarily on the OFAC List issued by the U.S. Treasury Department and also cover countries that are, or show strong indications of being, dictatorships or authoritarian states.

Overview of OFAC

What is OFAC?

The Office of Foreign Assets Control (OFAC) is a financial intelligence and enforcement agency of the U.S. Treasury Department. It administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals.

Access Control Measures

Geolocation Blocking

We use geolocation technology to identify and block access from prohibited regions and countries.

IP Address Filtering

IP address filtering is employed to detect the geographical location of incoming traffic. If an IP address is identified as originating from a restricted region, access is automatically denied.

Geolocation Databases

We utilize reputable geolocation databases and services to maintain accurate and up-to-date information on IP address locations. These databases are regularly updated to reflect changes in IP allocations and regional boundaries.

Implementation Details

Technical Implementation

Our technical implementation involves multiple layers of security to ensure robust access control.

Conditional Access Policies

Conditional access policies are set up to enforce access controls based on the geographical location of the user. These policies use a combination of signals to determine the user's location and apply the appropriate access controls.

Location-Based Policies

Location-based policies are configured to block access from specific regions and countries. These policies evaluate the IP address of the incoming request and compare it against a list of restricted locations. If the IP address matches a restricted location, access is denied.

Real-Time Evaluation

The system evaluates access requests in real time, so the user's location is checked against the most current list of restricted regions and countries. This real-time evaluation helps to promptly block access from newly restricted locations.
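
The location-based check and real-time evaluation described above, shown as an added example that is not the company's own implementation. The geolocation table, the placeholder country codes (XA, XB, XC), the `LocationPolicy` class and the fail-closed `block_unknown` option are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: documentation-only prefixes mapped to placeholder
# country codes (XA, XB, XC are ISO 3166 user-assigned codes, not real countries).
GEO_TABLE = [
    ("192.0.2.0/24", "XA"),
    ("198.51.100.0/24", "XB"),
    ("198.51.100.128/25", "XC"),  # more specific allocation inside the XB block
    ("2001:db8::/32", "XA"),
]

@dataclass(frozen=True)
class Decision:
    allowed: bool
    country: Optional[str]
    reason: str

class LocationPolicy:
    def __init__(self, geo_table, restricted, block_unknown=True):
        # Most specific prefix first, so a lookup returns the longest match.
        self._nets = sorted(
            ((ipaddress.ip_network(cidr), cc) for cidr, cc in geo_table),
            key=lambda entry: entry[0].prefixlen, reverse=True)
        self.restricted = set(restricted)   # mutable: updates apply to the next request
        self.block_unknown = block_unknown  # assumption: fail closed when location is unknown

    def lookup(self, addr):
        return next((cc for net, cc in self._nets if addr in net), None)

    def evaluate(self, source_ip):
        try:
            addr = ipaddress.ip_address(source_ip.strip())
        except ValueError:
            return Decision(False, None, "malformed source address")
        # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it hits the IPv4 entries.
        mapped = getattr(addr, "ipv4_mapped", None)
        if mapped is not None:
            addr = mapped
        country = self.lookup(addr)
        if country is None:
            return Decision(not self.block_unknown, None, "no geolocation match")
        if country in self.restricted:
            return Decision(False, country, "restricted location")
        return Decision(True, country, "location permitted")

policy = LocationPolicy(GEO_TABLE, restricted={"XA"})
```

The decision is only as reliable as the source address it is given, so `evaluate` should receive the address observed at the trusted network edge.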

Regular Updates

We update our geolocation data and restricted location list regularly to ensure that our blocking measures are current and accurate. This includes incorporating the latest changes in the OFAC List and following relevant geopolitical news to adjust policies accordingly.

User Notification

Access Denied Messages

When access is denied, users are notified through an error message.


Contact Information

Users who have questions or require assistance are provided with contact information. This allows them to reach out to our support team for further clarification or to request an exception if applicable.


Author

@Daylan Araz

© 2024 Unique AG. All rights reserved.