Why It Matters?
Restricting access to critical resources to sanctioned IP addresses reduces the attack surface by ensuring that authorizations are coming from approved network locations. This restriction minimizes unauthorized access and blocks geo-distributed attacks.
What Exactly Does This Policy Do?
This policy helps protect from unapproved network locations by restricting access to specific, sanctioned IP addresses (as defined by the U.S. Department of the Treasury's OFAC). The policy can be further enhanced by adding other contextual attributes and additional friction such as MFA.
