Re: [IA] Dedicated IP from Mediacom?
That would essentially be me keeping a port open, wouldn't it?
The only problem with that is that it would accept the connection from any IP address and the security would rely on the authentication.
Which is perfectly fine and may end up being what we do. However, I was much rather looking to drop the packet completely if it wasn't from the handful of IPs (our VPNs + Dedicated Mediacom IP) that I would whitelist.
Please correct me briefly and point me in the right direction if I misunderstood. It's 8 AM and I haven't slept. :P
Des Moines, IA
You wouldn't really be leaving a port open per se. It would respond to connections from any IP address, but you can use internal security authentication. I understand not wanting your firewall to respond to anything from untrusted sources, but if you have good internal security policies you should be OK.
The way we use our software VPNs is that, in order to authenticate with the VPN and establish connectivity, you log into the VPN client with internal RADIUS logins that must comply with IT security policies. So you still have to have the right credentials for the firewall to even respond with anything other than requesting login.
Not knowing what kind of business it is, I don't know what level of security is required, but I can't see allowing software VPNs opening your firewall up to any more issues. If you don't have the right credentials, it then simply drops the traffic. And you still have access to your servers no matter what your IP is.