Hya
Lately we have received a increased numbers of requests from customer employed by some banks and working in homeoffice a home office via remote access to their bank, asking us to confirm that we only assign 'swiss' IP addresses to our customers.
Well I usualy replied to those customers, that they can check the status of their IP address at RIPE and check to which country their allocation or assignment is registered. Apparently this is not enough. FINMA has made it a requirement, that if some bank employee wants to work from home, they need a written confirmation from their ISP that this ISP is not assigning IP addresses to customers outside switzerland and that the IP address the customer is using is operated in switzerland and cannot be used from abroad or assigned to customers outside switzerland.
I got in contact with one of those bank's security department to explain to them, that of course we correctly register our IP ranges at RIPE and that no, we cannot guarantee that our customers do not operate VPN or Proxies etc, which would make it possible to use IP addresses from abroad. And of course we have business customers with branch offices all over the world which could be using their IP Range to route part of it outside switzerland to such an office. I wanted to know why the information about ranges as registered @ RIPE are not good enough for the FINMA and how we could positively answer the question that we do not assign IP addresses to devices outside switzerland.
I was told, that there apparently are plenty of ISP in Switzerland, which assign 'foreign' IP addresses to their customers and that there are also switzerland based ISP which use their 'swiss' IP allocations to provide internet access to customers located outside switzerland, which causes legal problems if such an IP is used to access servers run under FINMA policies.
This is why FINMA requests that an ISP confirms that he uses his IP addresses exclusively for CPE located in switzerland. they
Hmm, I wonder.. which ISP do operate IP address ranges in switzerland which are registered at RIPE to some other entity not located in switzerland? Which Swiss ISP do offer services outside Switzerland using IP Ranges that are registered @ RIPE with Country: CH?
Or have I found a 'papiertiger' policy written by someone with no clue how IP assignment by RIPE works?
Mit freundlichen GrĂ¼ssen
Benoit Panizzon