| ▲ | progbits 2 hours ago | |
Anyone who relies on IP filtering for security deserves to have it broken. Change my mind. | ||
| ▲ | omh 2 hours ago | parent | next [-] | |
I'll take that bait ;-) IP filtering is a valuable factor for security. I know which IPs belong to my organisation and these can be a useful factor in allowing access. I've written rules which say that access should only be allowed when the client has both password and MFA and comes from a known IP address. Why shouldn't I do that? And there are systems which only support single-factor (password) authentication so I've configured IP filtering as a second factor. I'd love them to have more options but pragmatically this works. | ||
| ▲ | apexalpha an hour ago | parent | prev | next [-] | |
IP filtering + proper security is better than just having the security. There's value in restricting access and reducing ones attack surface, if only to reduce noice in monitoring. | ||
| ▲ | sebiw 2 hours ago | parent | prev [-] | |
Defense in depth is a thing but I agree that relying on it is not a good idea. | ||