[Cialug] Connect Two Independent Sites

Dave Hala dave at 58ghz.net
Thu Jan 9 16:26:26 UTC 2020


I'd second the REST API over https.  For your API, an authentication token
with a very short life is also helpful.   Whitelisting is useful, but it
should be used in conjunction with a number of other strategies.

: ) Dave


On Thu, Jan 9, 2020 at 10:14 AM Brett Neese <brneese at brneese.com> wrote:

> But anyone who can spoof your IP (or simply get your network IP, ie, via a
> guest wifi, for instance) can DDoS you. They won't get a response back, but
> they would be able to send responses to.
>
> Brett Neese
> 563-210-3459
>
>
>
> On Thu, Jan 9, 2020 at 10:09 AM Scott Yates <Scott at yatesframe.com> wrote:
>
> > I might argue that point.  I think a REST API served over https combined
> > with ip whitelisting might have a smaller attack surface and sacrifice no
> > security.
> >
> > On Thu, Jan 9, 2020 at 10:05 AM Brett Neese <brneese at brneese.com> wrote:
> >
> > > VPN is also a good option, and more secure than IP whitelisting. My
> > > security friends highly recommend https://www.wireguard.com/.
> > >
> > > Brett Neese
> > > 563-210-3459
> > >
> > >
> > >
> > > On Thu, Jan 9, 2020 at 9:58 AM Scott Yates <Scott at yatesframe.com> wrote:
> > >
> > > > I would tend towards an API with IP whitelisting.  It is the simplest to
> > > > reason about.
> > > >
> > > > On Thu, Jan 9, 2020 at 9:49 AM Todd Walton <tdwalton at gmail.com> wrote:
> > > >
> > > > > I have an architectural type question for y'all.
> > > > >
> > > > > There is a company developing a piece of software that will connect with
> > > > > our own internal systems. Their web app needs to pull data from an
> > > > > application we have. Our application is not (currently) exposed to the
> > > > > public. How would you suggest allowing them to connect?
> > > > >
> > > > > Options I've thought of:
> > > > >
> > > > > * Our app exposes a public API that they tug on
> > > > > * We set up a proxy server between the two
> > > > > * We set up a VPN tunnel of some sort between their servers and ours,
> > > > > at the network level or at the server level
> > > > > * We have somebody there and somebody here sitting at keyboards talking
> > > > > on the phone to each other and transmitting data, and just hope that
> > > > > scales
> > > > >
> > > > > We're reluctant to expose our test and QA systems to the internet. But
> > > > > maybe that's a suck-it-up-and-put-on-your-big-boy-pants kind of thing. I
> > > > > don't know.
> > > > >
> > > > > Any thoughts on best practice here?
> > > > >
> > > > > --
> > > > > Todd
> > > > > _______________________________________________
> > > > > Cialug mailing list
> > > > > Cialug at cialug.org
> > > > > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> > > > >


-- 
NIFCAP  -The Premier Client Intake System for Non-Profit Organizations.
https://www.osis.us
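As an added illustration of the layered approach Dave describes above (a short-lived token combined with an IP allowlist, each insufficient alone), here is a Python sketch that is not from any poster in the thread: the secret, the token-time-to-live and the partner address range are constructed values, and the token format is a simple HMAC-signed JSON payload chosen for the example.

```python
import base64, binascii, hashlib, hmac, ipaddress, json, time

# Constructed values for this example only; a real deployment loads them from config.
SECRET = b"constructed-demo-secret-do-not-reuse"
TOKEN_TTL = 300                                        # seconds; the "very short life"
ALLOWLIST = [ipaddress.ip_network("203.0.113.0/24")]   # partner egress range (TEST-NET-3)


def issue_token(client_id, now=None, ttl=TOKEN_TTL):
    """Mint an HMAC-SHA256 signed token that expires ttl seconds after issue."""
    now = int(time.time()) if now is None else now
    payload = json.dumps({"sub": client_id, "iat": now, "exp": now + ttl},
                         separators=(",", ":")).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(sig).decode())


def verify_token(token, now=None):
    """Return the subject if the signature is valid and the token is unexpired, else None."""
    now = int(time.time()) if now is None else now
    try:
        p_b64, s_b64 = token.split(".", 1)
        payload = base64.urlsafe_b64decode(p_b64)
        sig = base64.urlsafe_b64decode(s_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        return None
    claims = json.loads(payload)
    return claims["sub"] if now < claims["exp"] else None


def ip_allowed(addr):
    """Network-layer check: is the source address inside an allowlisted range?"""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ALLOWLIST)


def authorize(src_ip, token, now=None):
    """Both controls must pass; returns (allowed, subject_or_reason)."""
    if not ip_allowed(src_ip):
        return False, "source address not allowlisted"
    subject = verify_token(token, now)
    if subject is None:
        return False, "token invalid or expired"
    return True, subject
```

The allowlist stops requests from unexpected networks before any token is parsed, while the expiry bounds how long a leaked or replayed token is useful from an allowlisted address.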

