[Cialug] Connect Two Independent Sites

Brett Neese brneese at brneese.com
Thu Jan 9 16:13:30 UTC 2020


But anyone who can spoof your IP (or simply get your network IP, i.e., via a
guest wifi, for instance) can DDoS you. They won't get a response back, but
they would be able to send responses to.

Brett Neese
563-210-3459



On Thu, Jan 9, 2020 at 10:09 AM Scott Yates <Scott at yatesframe.com> wrote:

> I might argue that point.  I think a REST API served over https combined
> with ip whitelisting might have a smaller attack surface and sacrifice no
> security.
>
> On Thu, Jan 9, 2020 at 10:05 AM Brett Neese <brneese at brneese.com> wrote:
>
> > VPN is also a good option, and more secure than IP whitelisting. My
> > security friends highly recommend https://www.wireguard.com/.
> >
> > Brett Neese
> > 563-210-3459
> >
> >
> >
> > On Thu, Jan 9, 2020 at 9:58 AM Scott Yates <Scott at yatesframe.com> wrote:
> >
> > > I would tend towards an API with IP whitelisting.  It is the simplest to
> > > reason about.
> > >
> > > On Thu, Jan 9, 2020 at 9:49 AM Todd Walton <tdwalton at gmail.com> wrote:
> > >
> > > > I have an architectural type question for y'all.
> > > >
> > > > There is a company developing a piece of software that will connect with
> > > > our own internal systems. Their web app needs to pull data from an
> > > > application we have. Our application is not (currently) exposed to the
> > > > public. How would you suggest allowing them to connect?
> > > >
> > > > Options I've thought of:
> > > >
> > > > * Our app exposes a public API that they tug on
> > > > * We set up a proxy server between the two
> > > > * We set up a VPN tunnel of some sort between their servers and ours, at
> > > > the network level or at the server level
> > > > * We have somebody there and somebody here sitting at keyboards talking on
> > > > the phone to each other and transmitting data, and just hope that scales
> > > >
> > > > We're reluctant to expose our test and qa systems to the internet. But
> > > > maybe that's a suck-it-up-and-put-on-your-big-boy-pants kind of thing. I
> > > > don't know.
> > > >
> > > > Any thoughts on best practice here?
> > > >
> > > > --
> > > > Todd
> > > > _______________________________________________
> > > > Cialug mailing list
> > > > Cialug at cialug.org
> > > > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> > > >

