[Cialug] Connect Two Independent Sites

Scott Yates Scott at yatesframe.com
Thu Jan 9 16:28:16 UTC 2020


The points Dave made echo my thoughts as well.


On Thu, Jan 9, 2020 at 10:27 AM Dave Hala <dave at 58ghz.net> wrote:

> I'd second the REST API over https.  For your API, an authentication token
> with a very short life is also helpful.   Whitelisting is useful, but it
> should be used in conjunction with a number of other strategies.
>
> : ) Dave
>
>
> On Thu, Jan 9, 2020 at 10:14 AM Brett Neese <brneese at brneese.com> wrote:
>
> > But anyone who can spoof your IP (or simply get your network IP, ie, via a
> > guest wifi, for instance) can DDoS you. They won't get a response back, but
> > they would be able to send responses to.
> >
> > Brett Neese
> > 563-210-3459
> >
> >
> >
> > On Thu, Jan 9, 2020 at 10:09 AM Scott Yates <Scott at yatesframe.com> wrote:
> >
> > > I might argue that point.  I think a REST API served over https combined
> > > with ip whitelisting might have a smaller attack surface and sacrifice no
> > > security.
> > >
> > > On Thu, Jan 9, 2020 at 10:05 AM Brett Neese <brneese at brneese.com> wrote:
> > >
> > > > VPN is also a good option, and more secure than IP whitelisting. My
> > > > security friends highly recommend https://www.wireguard.com/.
> > > >
> > > > Brett Neese
> > > > 563-210-3459
> > > >
> > > >
> > > >
> > > > On Thu, Jan 9, 2020 at 9:58 AM Scott Yates <Scott at yatesframe.com> wrote:
> > > >
> > > > > I would tend towards an API with IP whitelisting.  It is the simplest to
> > > > > reason about.
> > > > >
> > > > > On Thu, Jan 9, 2020 at 9:49 AM Todd Walton <tdwalton at gmail.com> wrote:
> > > > >
> > > > > > I have an architectural type question for y'all.
> > > > > >
> > > > > > There is a company developing a piece of software that will connect with
> > > > > > our own internal systems. Their web app needs to pull data from an
> > > > > > application we have. Our application is not (currently) exposed to the
> > > > > > public. How would you suggest allowing them to connect?
> > > > > >
> > > > > > Options I've thought of:
> > > > > >
> > > > > > * Our app exposes a public API that they tug on
> > > > > > * We set up a proxy server between the two
> > > > > > * We set up a VPN tunnel of some sort between their servers and ours, at
> > > > > > the network level or at the server level
> > > > > > * We have somebody there and somebody here sitting at keyboards talking on
> > > > > > the phone to each other and transmitting data, and just hope that scales
> > > > > >
> > > > > > We're reluctant to expose our test and qa systems to the internet. But
> > > > > > maybe that's a suck-it-up-and-put-on-your-big-boy-pants kind of thing. I
> > > > > > don't know.
> > > > > >
> > > > > > Any thoughts on best practice here?
> > > > > >
> > > > > > --
> > > > > > Todd
> > > > > > _______________________________________________
> > > > > > Cialug mailing list
> > > > > > Cialug at cialug.org
> > > > > > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> > > > > >
>
>
> --
> NIFCAP  -The Premier Client Intake System for Non-Profit Organizations.
> https://www.osis.us
>
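
The layering discussed in this thread (a source-address allowlist combined with a short-lived authentication token, behind an HTTPS API), as an added example that is not part of the original messages. The network range, signing key, 120-second lifetime and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import ipaddress
import json
import time

# Constructed sample values: a documentation range standing in for the
# partner's egress addresses, and a placeholder key (load from a secret store).
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/28")]
SIGNING_KEY = b"placeholder-signing-key"
TOKEN_TTL = 120  # seconds; an assumed value for "very short life"


def _sign(body):
    mac = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac)


def issue_token(client_id, now=None):
    """Return 'payload.signature' with an expiry TOKEN_TTL seconds ahead."""
    now = time.time() if now is None else now
    payload = json.dumps({"sub": client_id, "exp": int(now) + TOKEN_TTL})
    body = base64.urlsafe_b64encode(payload.encode())
    return (body + b"." + _sign(body)).decode()


def verify_token(token, now=None):
    """Return the client id if the signature is valid and unexpired, else None."""
    now = time.time() if now is None else now
    body, sep, sig = token.encode().partition(b".")
    if not sep or not hmac.compare_digest(sig, _sign(body)):
        return None  # reject before parsing anything unauthenticated
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims["sub"] if now < claims["exp"] else None


def authorize(remote_ip, token, now=None):
    """Both checks must pass; the source address alone never grants access."""
    try:
        addr = ipaddress.ip_address(remote_ip)
    except ValueError:
        return False, "bad address"
    if not any(addr in net for net in ALLOWED_NETS):
        return False, "address not allowlisted"
    client = verify_token(token, now)
    if client is None:
        return False, "token invalid or expired"
    return True, client
```

`remote_ip` must be the peer address of the TLS connection as seen by the server, not a client-supplied header such as `X-Forwarded-For`, unless a trusted proxy sets it.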

