
Sajan Parikh

join:2011-03-05
Walcott, IA
reply to OldCableGuy

Re: [IA] Dedicated IP from Mediacom?

It's not an either/or proposition. We of course use SSH keys, but again that is for the authentication. I was looking for a way to drop the packet completely if it was from an unknown source...before SSH keys would even come into play.

Also, access to this server isn't simply by SSH. So the other software that we're connecting to on the server doesn't use SSH authentication, which is why this is being done on the firewall.

However, I think I'm going to just keep doing it the way I have been. Rather than getting a static IP from Mediacom, I'll just set up other VPNs in other geographic locations. That should give me the same redundancy.

Plus other people that work for me around the world all have static IPs that are whitelisted...so I shouldn't ever get into a situation where I'm completely locked out of my system.

If I do...I guess I'd just need to drive out to each datacenter or call their remote hands.
----------------------------------------

I should be fine, would still have preferred a static IP from mediacom for $6-8/mo though.


OldCableGuy

@communications.net
Obviously you don't know this, but you can tunnel anything through SSH, so you put one SSH server in the DMZ, connect to that, and then tunnel to everything you want to administer. No static IP addresses required, secure enough for PCI and SOX audits. Problem solved, nuff said.

Sajan Parikh

join:2011-03-05
Walcott, IA
lol, that's how I have it set up now. The point of this thread is for what happens if that SSH server goes down.


OldCableGuy

@communications.net
Round Robin DNS to a pool of SSH servers? Load balancing frontend? Just spitballing ideas of how to do this correctly instead of some static IP kludge.

Sajan Parikh

join:2011-03-05
Walcott, IA

1 edit
reply to OldCableGuy


To be honest, the other solutions you're spitballing are more kludge than static IP.

If I had a business account with Mediacom, I'd use a static IP. That's how I have it with other providers, and that's how businesses with Mediacom do it.

Asking for a static IP is not a workaround, that is THE solution. Just the status of my account prohibits me from getting one from Mediacom.

Edit: When I say that is "THE" solution, I don't mean in terms of overall security.

I'm talking about getting a static IP is what anybody would do first before any sort of DNS round robin.


OldCableGuy

@communications.net
So what happens when you're traveling and don't have access to your static IP?

Your lack of planning tells me you have not thought this through much at all if at all, period.

Also you clearly have never heard of IP spoofing, I could send packets to your device forged as any IP on the net if I wanted to.

What you're suggesting is the same as turning off all encryption on your wifi and doing MAC filtering, laughable security at best.

Sajan Parikh

join:2011-03-05
Walcott, IA
reply to OldCableGuy


said by OldCableGuy :

So what happens when you're traveling and don't have access to your static IP?

Your lack of planning tells me you have not thought this through much at all if at all, period.

Also you clearly have never heard of IP spoofing, I could send packets to your device forged as any IP on the net if I wanted to.

What you're suggesting is the same as turning off all encryption on your wifi and doing MAC filtering, laughable security at best.

I'm not sure if you've read the thread...but I'm not looking to replace my already existing VPNs and VLANs with simple iptables IP blocking.

Also, I'm not entirely sure where your attitude comes from.

My simple question was if Mediacom could provide me a static IP. Can source IPs be spoofed...yes. Does that mean nobody should use them as a security layer even if it adds very little benefit? No.