Global Access Control: Blocking High-Risk Regions
Introduction
Purpose
This document outlines the measures we take to secure and block access to critical and sensitive company resources from certain regions and countries around the world, primarily based on the OFAC List issued by the U.S. Treasury Department as well as countries that are or have strong indications of dictatorship or authoritarian states.
Overview of OFAC
What is OFAC?
The Office of Foreign Assets Control (OFAC) is a financial intelligence and enforcement agency of the U.S. Treasury Department. It administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals.
Access Control Measures
Geolocation Blocking
We use geolocation technology to identify and block access from prohibited regions and countries.
IP Address Filtering
IP address filtering is employed to detect the geographical location of incoming traffic. If an IP address is identified as originating from a restricted region, access is automatically denied.
Geolocation Databases
We utilize reputable geolocation databases and services to maintain accurate and up-to-date information on IP address locations. These databases are regularly updated to reflect changes in IP allocations and regional boundaries.
Implementation Details
Technical Implementation
Our technical implementation involves multiple layers of security to ensure robust access control.
Conditional Access Policies
Conditional access policies are set up to enforce access controls based on the geographical location of the user. These policies use a combination of signals to determine the user's location and apply the appropriate access controls.
Location-Based Policies
Location-based policies are configured to block access from specific regions and countries. These policies evaluate the IP address of the incoming request and compare it against a list of restricted locations. If the IP address matches a restricted location, access is denied.
Real-Time Evaluation
The system evaluates access requests in real-time, to ensure that the user's location is checked against the most current list of restricted regions and countries. This real-time evaluation helps in promptly blocking access from newly restricted locations.
Regular Updates
We update our geolocation data and restricted location list regularly to ensure that our blocking measures are current and accurate. This includes incorporating the latest changes in the OFAC List and following relevant geo-political news to adjust policies accordingly.
User Notification
Access Denied Messages
When access is denied, users are notified through an error message.
Contact Information
Users who have questions or require assistance are provided with contact information. This allows them to reach out to our support team for further clarification or to request an exception if applicable.
Author | @Daylan Araz |
---|
© 2024 Unique AG. All rights reserved. Privacy Policy – Terms of Service