Website question

For my current project, I would like to tighten security dramatically by allowing access to it only from the United States and possibly Canada. Is there a way of doing that? Sort of like websites checked to see if you were in the U.S. or Canada before allowing you to download high encryption software. I have PHP, ASP, and Oracle to work with. Thanks.

Please Register or Log in to view the hidden image!

 

Log in or Sign up to hide all adverts.

I don't really think you could do that. (Though I'm not an expert on IT)

What you probably could do is specify a major list of ISP's who you would allow onto your website. But beware. There are many...

 

Log in or Sign up to hide all adverts.

You could probably code a cgi script to run an IP resolve for a canonical name (domain name), then have the script check to see who the registeree is, and look for their Country line.

This would deal with most coutries, and resolve most ISP's and domains.

However the main one for dealing with this sort of issue is based on Ping speed, for instance if you've got someone accessing your site from Australia they have to go through multiple proxies to get to your site, which means their speed of connection is slowed down from not taking a direct route, where as someone thats connecting through the same exchange as you will have a fast connection rate (like 93ms or less)

This could be used to prove "distance travelled", however your system could be in the same country and pass through a circle of proxies to get to the target, making it appear your far away.

I don't think you'll be able to tighten it 100%, and I'm sure if someone wanted to get the software they could just do the following:

Hire a server in the US.
Rig a proxy connection and FTP server.
Download the Encrypted software using the Proxy server.
Then download from that Server to their "outside" Location.
(This would also give them the result of being about to "delete" their logs from that server, so any trail would stop there.)

 

Log in or Sign up to hide all adverts.

You could also do follwing:

• Hire NSA...
  
• Call FBI
  
• Contact George W.bush...
  

you could also...do...this...that...ummm...yeah...

Please Register or Log in to view the hidden image!

Please Register or Log in to view the hidden image!

bye!

 

There are no borders on Internet...

 

There are if you try to access the showtime website.

 

This might not be true anymore, and it might not be 100% effective, but I remember that you could not download a browser with 128 bit encryption from MS without being in the US or Canada. Maybe that will help.

 

I guess that MS just checked the Windows version (US, UK, FR,...).

 

US and Canada? What about your British friends?

I had problems downloading PGP (encryption software) from the UK because the site didn't want to give it to non-Americans. It did not seem hard to bypass though and as of yet I have not used it to coordinate terrorist attacks.

I think they've changed that now but you could always write to their webmaster and ask how he did it.

 

Blue UK, this has nothing to do with Terrorist attacks or anything of that sort. The United States has had laws limiting or preventing the exporting of encryption software or techniques for years. Why? I'm not sure. The US government can really be a pain when it comes to encryption. I recently was reading a book on basic encryption and they got to the section on public key encrpytion (e.g. PGP) and they said...basically we cant tell you how its done, because this book might be sold over seas. Sorry.

The US only wants you to use encrpytion that THEY have the key for.

-AntonK

 

Better choose something else than PGP... and use 1024 or 2048 keys (but if your e-mail is sent to a foreign country! Then it would be illegal)

 

Actually the Laws weren't about terrorism, it was also about other crimes like Fraud and Espionage.

The US passed a law that basically allowed them to view any information on the internet, but this meant if it was encrypted it obviously couldn't be viewed without gaining the de-encryption keys.

The US can implant keyloggers onto your system and other methods (Carnivore, Magic Latern) to gain access to your encrypted information, but doing so causes quite a stink among officials.


The UK also too passed it's own laws (thanks to Jack Straw) where by law if the government want's to see any data that has been encrypted, you have to hand over your encryption keys or face imprisonment.

I mention all this sketchily because it's from memory but I'm sure more could be found with a google search, or this link:

http://www.cyber-rights.org/crypto/ukpolicy.htm

 

PGP update their software every now and then.

AntonK, you sound like you already know (probably more than me), but just in case you didn't the PGP program comes with a help file that explains public key encryption. Something to do with one-way functions. The basic formula is quote simple as I remeber (a mod function and a power fuction).

Anyway, I heard the US government was pushing for organisations to use their encryption chipsets, to which they had a duplicate set of keys! (Another nugget from the PGP help file)

 

Slacker.

As I remember the US considered encryption software to be munitions and restricted their export. Of course you can give weapons to the contras with impunity, but crypto...whoa. Anyway, I think that this was repealed.

 

I found a software for your problem (IP-country) :
http://www.maxmind.com/app/country
Have a look on it... There's also a C lib and a Perl module (Geo::IP). I found it in my IDS (Prelude).

 

And an other web site (seems to be a php web service) : http://www.ip-to-country.com/