Using geofencing technology as a security tactic appears to be picking up steam. Why and where would someone want...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
to geofence access to a server with their DNS settings?
A geofence is a virtual perimeter around a given geographic area that can provide an additional layer of access control to company resources, not just servers. When combined with other context-aware restrictions, like the time of day and the type of endpoint device, it increases the level of granular control administrators have over access rights. For example, the functionality and data access rights assigned to a mobile app can change automatically based on the device's location relative to geofence boundaries.
Using geofencing technology is also becoming a popular method for ensuring devices do not leave defined areas, like an office campus. If a device leaves a geofenced area, an app installed on the device can trigger various actions, such as sending real-time notifications of the device's whereabouts, encrypting data on the device or disabling sensitive functions.
Domain name system (DNS) geofencing filters can determine the country from which a device is trying to access a server or resource based on its IP address. IP databases and geo-IP applications, such as IP2Location, can identify a user's time zone, ISP and domain name, international direct dialing country code, area code and so on. When a request is received, the IP address is checked against a whitelist or blacklist of geographies to determine if the request should be granted or denied.
However, an attacker can easily mask or change their IP address using a proxy server, virtual private network or DNS service to make it look like they are accessing the internet from another location. But DNS filters can still be useful in situations where a server or resource should only allow access from specific, known IP addresses, such as a branch office or partner office.
Enterprises running networks with sensitive resources should consider upgrading to multifactor authentication products that provide context and constant behavioral checks, instead of relying solely on account credentials to authenticate users. Additional checks, such as IP reputation, geolocation and geo-velocity, make it harder for hackers to impersonate valid users.
While geofencing technology can provide innovative access control, it isn't perfect. Active geofences require an end user to opt in to location services and to allow a mobile app to be open. On certain devices, the GPS data can be spoofed; this means that, in order to be reliable as an enterprise security strategy, geofencing technology can't rely solely on GPS location data, but must use local Wi-Fi and Bluetooth beacons that cannot be spoofed.
Learn how using geofencing can improve your enterprise's security
Find out the best products and services for IT asset tracking
Read about using location-based services to reach out to customers
Dig Deeper on Data security strategies and governance
Related Q&A from Michael Cobb
After a remote code execution flaw in PHPMailer was patched, the problem persisted, and had to be repatched. Expert Michael Cobb explains how the ...continue reading
The same-origin security feature in Adobe Flash Player was implemented incorrectly, allowing local attackers to spy on users. Expert Michael Cobb ...continue reading
Attackers can gather payment card data by carrying out distributed guessing with a minimal amount of existing information. Expert Michael Cobb ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.