
πŸ“ My Blog

Insights from projects, cybersecurity concepts, and coding walkthroughs.

πŸ“ Blog Posts

πŸ” How I Automated IP Blocklists in Python

Published: February 2025

In one of my recent cybersecurity practice tasks, I was given a scenario: maintain a list of IP addresses that are allowed to access a secure system. Occasionally, some of those IPs must be removed from the list for security reasons (maybe due to expired access, policy changes, or suspicious activity). This gave me the perfect chance to build a practical Python script that mimics real-world firewall management.

🚩 The Problem

Manually editing access lists is risky. Mistakes happen, and as the list grows, it becomes harder to manage. I needed a way to:

βš™οΈ The Python Solution

I used the `open()` function to read files safely and Python list methods to filter the IPs. Here’s a simplified version of my approach:

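```python
import_file = "allow_list.txt"
remove_list = ["192.168.0.101", "192.168.0.105"]

# Read the current allow list, one IP address per line
with open(import_file, "r") as file:
    ip_addresses = file.read().splitlines()

# Remove every occurrence of each revoked IP. A single list.remove()
# call deletes only the first match, so a duplicated entry would
# otherwise stay on the allow list.
for ip in remove_list:
    while ip in ip_addresses:
        ip_addresses.remove(ip)

# Write the updated allow list back to the same file
with open(import_file, "w") as file:
    file.write("\n".join(ip_addresses))
```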

This script ensures that only authorized IPs remain on the allowlist, automatically and consistently.
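A hardened variant of the same update, added here as an example rather than taken from the original project: it validates entries with the standard `ipaddress` module, removes duplicates, replaces the file atomically, and reports what changed so the result can be logged. The function names `parse_ips` and `update_allow_list` are hypothetical, and dropping malformed lines from the file (while returning them to the caller) is an assumed fail-closed policy.

```python
import ipaddress
import os
import shutil
import tempfile


def parse_ips(lines):
    """Split entries into (canonical valid IPs, rejected strings)."""
    valid, rejected = [], []
    for entry in filter(None, map(str.strip, lines)):  # skip blank lines
        try:
            valid.append(str(ipaddress.ip_address(entry)))
        except ValueError:
            rejected.append(entry)
    return valid, rejected


def update_allow_list(path, remove_list):
    """Remove IPs from the file at path; return (removed, missing, rejected)."""
    to_remove, bad = parse_ips(remove_list)
    if bad:
        raise ValueError(f"invalid entries in remove list: {bad}")
    with open(path, "r", encoding="utf-8") as f:
        current, rejected = parse_ips(f)
    remove_set = set(to_remove)
    # Drop every occurrence of a revoked IP and collapse duplicates, keeping order.
    kept = list(dict.fromkeys(ip for ip in current if ip not in remove_set))
    removed = sorted(remove_set.intersection(current))
    missing = sorted(remove_set.difference(current))
    # Write a temp file beside the original, then rename: no truncated list on a crash.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            f.write("".join(ip + "\n" for ip in kept))
        shutil.copymode(path, tmp)  # mkstemp creates 0600; keep the original mode
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return removed, missing, rejected


if __name__ == "__main__":
    # Constructed sample: a duplicate, stray whitespace, and one malformed line.
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "allow_list.txt")
        with open(p, "w", encoding="utf-8") as f:
            f.write("192.168.0.101\n10.0.0.7 \n192.168.0.101\n192.168.0.300\n")
        print(update_allow_list(p, ["192.168.0.101", "192.168.0.105"]))
```

The `missing` list is worth logging: a revocation request for an address that was never on the list often points to a typo in the request or a stale copy of the file.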

🧠 What I Learned

The best part of this task was realizing how much **basic scripting** can help reduce **human error** in cybersecurity. I also practiced working with files, loops, and list operations, which are foundational skills for automation.

🔒 Security Takeaway

In real-world cybersecurity, **automation** and the **principle of least privilege** go hand-in-hand. This kind of script would be useful in a system where dynamic access is granted and revoked regularly, especially in cloud or enterprise environments.


πŸ” What is Least Privilege? (NIST AC-6 Explained)

Published: August 2024

While studying real-world cybersecurity case studies, I came across an incident involving a major data leak caused by simple human error and poor access management. It made me reflect on one of the most overlooked, yet powerful, cybersecurity principles: least privilege.

🕵️ The Real-World Scenario

A sales manager shared an internal folder containing confidential files with their team during a product strategy meeting. After the meeting, they forgot to revoke access to that folder. Later, a sales rep accidentally shared a link to the entire folder (thinking they were sharing only the promotional materials) with a business partner.

That partner, unaware of the sensitivity, posted the folder publicly on social media. The damage was done: internal strategy, unreleased product details, and customer analytics were all exposed.

💡 How It Could Have Been Prevented

This incident could have been avoided if the organization had enforced the principle of least privilege. This principle means users should only have the **minimum access** needed to do their jobs, and no more.

The Role of NIST SP 800-53: AC-6

According to NIST SP 800-53, control AC-6 enforces least privilege by recommending:

Had the team implemented automatic expiration or limited folder access to only necessary documents, the leak likely wouldn't have occurred.

🎯 My Reflection

Studying this case reminded me why I care about cybersecurity. It's not just about fancy tools or firewalls; it's about thinking critically and planning access wisely. This principle is simple, powerful, and essential for anyone managing data.

📘 Bonus: What You Can Do

If you're working with shared data, consider using access expiration, folder-specific permissions, and activity logs, even in smaller teams or academic projects.
