Tuesday, July 20, 2021

Spoofing public IP addresses?

We’ve been asked to open port 22 to the internet for a server a company that uses our network so that their technicians can remote in and troubleshoot when needed. I’m wondering how secure it would be if we put in a rule on our firewall to only open port 22 from 1 source IP address (which would be the company who needs to remote in)? We’ll also use an alternative port for SSH, so it wouldn’t be the well known port of 22. Additionally, I plan to put this server in its own vlan with an ACL in place so that it has no visibility into the rest of our network. Is this a good solution? The only thing I could think of is if someone outside was able to somehow figure out we had this port open and then spoof their public IP to gain access to the server. How likely is that? Any other considerations I should have?



No comments:

Post a Comment