Enterprise Internet - Question

Owen DeLong owen at delong.com
Fri Jul 15 02:37:16 UTC 2011


On Jul 14, 2011, at 7:00 PM, Jimmy Hess wrote:

> On Thu, Jul 14, 2011 at 2:34 PM, Jeff Cartier
> <Jeff.Cartier at pernod-ricard.com> wrote:
>> - How should/can an enterprise deal with accessibility to internet content issues? (i.e., that whole coming from a Canadian IP accessing US content)
> You indeed might feed traffic towards such "IP restricted" sites
> through a transparent proxy server, or policy NAT based on destination
> IP, reducing all traffic towards those sites from "Canadian" ranges,
> to a pool of source IP addresses.
> 
> Just to take a jab at absurd "content restriction" by IP methods, a reminder...
> There's no such thing as a "US" IP address. There's no such thing as
> a Canadian IP address.
> 
> There are IPs delegated to network operators who have an AS in certain
> countries, but that is no proof of country of origin.
> 
> What "country" is an IP address located in when it is assigned to a
> terminal server, VPN server, or proxy server in country $X, and there
> are authorized users that connect from 16 different countries?
> 
> --
> -JH

Yep.... And let us also not forget that people travel. Imagine my surprise
when I tried to log into Wells Fargo from Kigali and got the message that
"You have authenticated successfully, but, we don't trust your current
location. Everything will be fine when you log in from home."

Of course, I did the seemingly obvious thing and logged in from home.
Yeah, not so much. That got my account completely locked out and took
a 2.5 hour phone call (well, series of phone calls, maintaining a VOIP
connection from Kigali for that long wasn't happening) where I had
to escalate up three levels of support representative before reaching
someone who could understand what VNC was and that it was indeed
possible for me to control my computer in the US from my laptop in
Kigali and that I had indeed legitimately logged in from both locations
about 2 minutes apart.

To the best of my knowledge, while this person reset my account so that
I could log in (from my house), I don't think Wells Fargo has any intention
of rethinking their geo-IP based restrictions on logging in.

So, if you travel, consider carefully whether to try and log into something
directly vs. doing so over VNC.

Owen




