As businesses navigate the ever-evolving and increasingly distributed digital landscape, ensuring secure access to resources has become more crucial than ever. An IP allowlist (also known as an “IP whitelist”) is an easy-to-implement security function that acts as a virtual security guard for your digital systems. In this blog, we’ll explore what IP allowlists are, what they can (and can’t) do, and why they are particularly important for small and medium-sized businesses (SMBs).
Any discussion about IP allowlists must begin with an exploration of Multi-factor Authentication (MFA), a security layer that stands as the citadel in modern digital infrastructure.
ISC2 defines MFA as an authentication method requiring validation from at least two independent categories: something you know (like a password or PIN), something you have (a secure hardware token or a smartphone), or something you are (biometric data, such as fingerprints or facial recognition).
IP addresses fall into the bucket of “something you have.” They may not be physical objects like a card or key, but they are just as useful for controlling access to secure areas of your business. An IP address is a unique identifier tied to your device, much like a hardware token. Moreover, IP addresses provide direct access to the internet, so having control over a valid IP address is akin to holding a physical key to a building.
This concept becomes clearer when we look at remote-access protocols like RDP (Remote Desktop Protocol) and SSH (Secure Shell). These services often use IP allowlists to restrict system access to trusted users. By designating certain public IP addresses, organizations can ensure that only connections originating from those addresses can reach their servers.
An IP allowlist acts as an automated gatekeeper to your digital systems. Even if a malicious entity manages to steal login credentials, they can't access the system unless their IP address is on the allowlist.
It’s important to note that allowlists are not unbreachable, but that doesn’t mean organizations, particularly SMBs, shouldn’t implement them. IP spoofing and other allowlist-evading techniques are relatively resource-intensive maneuvers that a determined nation-state team might use, but that common cybercriminals won’t necessarily bother with, since they prefer exploiting “low-hanging fruit” through easy-to-launch email attacks.
“IP allowlisting is the easiest way for small businesses to achieve a baseline level of security by fortifying their services,” said Upfort CTO & co-founder Han Wang, CISSP. “RDP, in particular, is very easy to do since Microsoft provides allowlisting functionality out of the box. Still, many smaller organizations haven’t yet implemented allowlists—often because they’re not aware of the risks or precisely how to address them. That’s where a platform such as Upfort, which can verify correct IP allowlisting, can help.”
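The RDP allowlisting described above, using the firewall functionality Windows ships with, as an added example that is not part of the original post or of Upfort’s product. It assumes the built-in “Remote Desktop” rule group is present; the two source addresses are constructed placeholders from the RFC 5737 documentation ranges, not real trusted networks.

```powershell
# Added example: scope the built-in Windows Defender Firewall "Remote Desktop" rules
# (TCP 3389) to an allowlist of trusted source addresses, then verify nothing is left open.
# Run in an elevated PowerShell session on the RDP host.

# Constructed placeholder allowlist (RFC 5737 documentation ranges). Replace with the
# public egress addresses your trusted users actually connect from.
$TrustedSources = @('203.0.113.10', '198.51.100.0/24')

# 1. Restrict the inbound Remote Desktop rules to the allowlist.
#    Out of the box these rules accept connections from "Any" remote address, which is
#    exactly what an internet-wide scan finds. Inbound traffic not matched by an allow
#    rule is dropped by the firewall's default inbound policy, so scoping the allow
#    rules is sufficient; no separate block rule is needed.
Set-NetFirewallRule -DisplayGroup 'Remote Desktop' `
                    -Enabled True `
                    -Profile Any `
                    -RemoteAddress $TrustedSources

# 2. Verify the effective scope of every rule in the group. A rule whose RemoteAddress
#    still reports "Any" is an unprotected entry point and should be fixed or disabled.
$report = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | ForEach-Object {
    $scope = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        RemoteAddress = ($scope -join ', ')
        Unrestricted  = ($scope -contains 'Any')
    }
}
$report | Format-Table -AutoSize

# 3. Fail loudly if any enabled rule in the group is still open to the whole internet.
$gaps = $report | Where-Object { $_.Enabled -eq 'True' -and $_.Unrestricted }
if ($gaps) {
    Write-Warning "RDP rules still accepting connections from Any: $($gaps.Rule -join ', ')"
} else {
    Write-Output 'All Remote Desktop rules are scoped to the allowlist.'
}
```

Re-run step 2 after any Windows feature update, since repairs to the firewall rule set can reset the rules to their default “Any” scope.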
Upfort’s Vulnerability Manager runs automated scans of a company’s digital infrastructure to surface exploitable security issues, such as key systems that lack allowlisting. The platform probes from random public IP addresses to identify unprotected systems and reports them to your IT manager along with next steps on how to shore up your defenses.
IP allowlists should be part of any modern security posture. For small businesses, they provide a necessary, albeit not infallible, baseline layer of protection that lifts your business out of the low-hanging fruit.