Is IP whitelisting for webpage access secure enough?

First of all, make sure your Web site has all the necessary protection against typical XSS and CSRF threats, where a victim's browser, which sits on an IP address you've allowed to access the data, is tricked into revealing your data to a third party.

Regarding IP ACL-based authentication in general, as long as it's only read access, you're probably fine with that. Nevertheless, it might be useful to know that under certain circumstances and given necessary preconditions, a motivated attacker can use BGP hijacking to impersonate your users for a relatively short period of time.

This method is somewhat easier to perform if an attacker is able to find out what source IP addresses are allowed to access the data; however, using methods similar to what has been discussed in this talk (video, slides, whitepaper), this requirement can be further lifted. (I'm the author of said whitepaper, so don't hesitate to ask for further clarification if you'd like.)

For most applications though, it's rather hypothetical, as it is unlikely that such a complex approach would be taken by an attacker; however, it heavily depends on how precious your data could be for a malicious person.

With respect to write access, IP whitelisting for TCP-based services in general should not be considered safe anymore, as a TCP connection can be successfully spoofed nowadays, given enough bandwidth and computational power on behalf of an attacker. However, using TLS is currently enough to mitigate this.

If only people from within your organization should ever be allowed to access the landing page, it might be a good idea to set up a proxy on the Intranet and to allow only Intranet addresses to access the data via that proxy. How the proxy authenticates on MC is more or less up to you. For out-of-office access, a VPN could be set up, eliminating almost all the exposure to the general public (obviously except for browser-based attacks I've mentioned previously).


Depending on how much flexibility you have, you can consider adding any of these options to your IP address check:

  1. You can create some random tokens that expire every few days and use them as part of the URL parameter. This is similar to what most web applications do for password reset, when they email the user a link that contains a URL with a random token that expires within a few days or hours.
  2. You might also consider implementing SSO (single sign-on) for this application. This is going to be a big and complex task. By implementing SSO, you won't need to check the IP address anymore.
  3. Another option would be that you send a PIN to the users every day and have users enter their PIN. The PIN should be random too. This is a very weak approach, but combined with the whitelisted IP address, you are at least adding another layer to your security.
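
A sketch of option 1 layered on top of the IP check, added here as an illustration and not part of the answer above. The function names, the in-memory store, the 3-day lifetime and the documentation-range network are all assumptions.

```python
import hashlib
import ipaddress
import secrets
import time

# Constructed sample values: a documentation-range network and a 3-day lifetime.
ALLOWED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
TOKEN_TTL_SECONDS = 3 * 24 * 3600

# sha256(token) -> expiry timestamp. Only the hash is kept, so a leaked store
# does not reveal usable URLs. A real service would persist this.
_token_store = {}


def _digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(now=None):
    """Create an unguessable URL token and record its hash with an expiry."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _token_store[_digest(token)] = now + TOKEN_TTL_SECONDS
    return token


def ip_allowed(client_ip):
    """True only if client_ip parses and lies inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # malformed address: fail closed
    return any(addr in net for net in ALLOWED_NETWORKS)


def token_valid(token, now=None):
    """True if the token is known and unexpired; expired entries are purged."""
    now = time.time() if now is None else now
    key = _digest(token or "")
    expiry = _token_store.get(key)
    if expiry is None:
        return False
    if now >= expiry:
        del _token_store[key]
        return False
    return True


def check_access(client_ip, token, now=None):
    """Both layers must pass: the source address and the expiring token."""
    return ip_allowed(client_ip) and token_valid(token, now)
```

Because the token travels in the URL, it can end up in access logs, browser history and Referer headers, which is one more reason to keep the lifetime short and serve the page over TLS.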
