It seems to come up quite regularly that someone asks to access internal resources over the internet. Obviously this is a bad idea to expose internal hosts to the internet, but what about to specific hosts? Technically, I know this is very easy to implement. I'm just not sure if it's a good or bad idea.
For the most recent request, another company is asking to allow SSL traffic on a non-standard port from 2 AWS IPs they use to an inside host. They claim this is the only way their product works and an IPSec tunnel is out of the question.
How do you handle these types of requests, and is it even anything to be worried about?
No comments:
Post a Comment