SS-17-002 IP Blocking

Issue Date: 5/15/2017

PURPOSE

Monitoring and controlling the flow of network traffic at the boundary of the state network provides the ability to protect it from malicious software, security attacks, external entities with malicious intent, denial of service attacks, and other security risks.  This standard establishes criteria for blocking network traffic from IP addresses and IP address ranges at the boundary of the state network.

SCOPE and AUTHORITY

Information Technology Policies, Standards and Guidelines (PM-04-001)

STANDARD

The Georgia Technology Authority (GTA) will block IP addresses and IP address ranges that GTA determines are associated with malicious software, security attacks, external entities with malicious intent, denial of service attacks, and other security risks.  The list of IP addresses being blocked varies over time and the GTA uses various sources of intelligence about those addresses, including:

  • Traffic analysis at the State of Georgia border firewalls

  • Georgia Information Sharing and Analysis Center(GISAC)

  • Multi-state Information Sharing & Analysis Center (MS-ISAC)

  • United States Computer Emergency Readiness Team (US-CERT)

    RELATED ENTERPRISE POLICIES, STANDARDS AND GUIDELINES

    Network Security Controls (PS-08-027).

    Network Security - Boundary Protection (SS-08-047)

    Malicious Code Incident Prevention (SS-08-033)