Random reminder that if you are exposing IKE to the Internet for static site-to-site tunnels, maybe allowlist only your peer endpoints and don't allow full Internet access to them.
-
Random reminder that if you are exposing IKE to the Internet for static site-to-site tunnels, maybe allowlist only your peer endpoints and don't allow full Internet access to them. Just a thought. If you aren't sure if you are exposed, today seems like a good day to find out.
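One way to check a Linux gateway for the exposure described in the post above, as an added example that is not part of the thread: it reads an `iptables-save` style ruleset and flags ACCEPT rules for UDP 500/4500 (IKE and IKE NAT-T) whose source is not a listed peer. The sample rules, the peer addresses and the function names are constructed for illustration.

```python
import ipaddress
import shlex

IKE_PORTS = {"500", "4500"}  # IKE and IKE NAT-T, both over UDP

# Constructed sample in iptables-save format; addresses are documentation ranges.
SAMPLE_RULES = """\
-A INPUT -s 198.51.100.10/32 -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -p udp -m multiport --dports 500,4500 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""

def parse_rule(line):
    """Return an option -> value map for one rule line (last value wins)."""
    tokens = shlex.split(line)
    opts, i = {}, 0
    while i < len(tokens):
        if tokens[i].startswith("-") and i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
            opts[tokens[i]] = tokens[i + 1]
            i += 2
        else:
            i += 1
    return opts

def audit_ike_exposure(ruleset, allowed_peers):
    """Return (line_no, reason) for ACCEPT rules that expose IKE beyond the peers."""
    # Assumptions: IPv4 rules only; negated matches ("!") and port ranges
    # ("500:4500") are not interpreted and need a manual look.
    peers = [ipaddress.ip_network(p) for p in allowed_peers]
    findings = []
    for n, line in enumerate(ruleset.splitlines(), 1):
        opts = parse_rule(line)
        if opts.get("-j") != "ACCEPT" or opts.get("-p") != "udp":
            continue
        ports = set((opts.get("--dport") or opts.get("--dports") or "").split(","))
        if not ports & IKE_PORTS:
            continue
        src = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        if src.prefixlen == 0:
            findings.append((n, "IKE open to any source"))
        elif not any(src.subnet_of(p) for p in peers):
            findings.append((n, f"source {src} is not a known peer"))
    return findings
```

Feed it the output of `iptables-save` and the peer list from your tunnel definitions; an empty result means every IKE accept rule is scoped to a known peer.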
-
@cR0w Hmm.

-
@cR0w Is this a good practice reminder apropos of nothing super particular; or has one of the Enterprise Gateway Widget vendors covered themselves in glory again?
-
@fuzzyfuzzyfungus As of today it's a general good practice reminder. But we never know what tomorrow may bring.
-
Thanks to DYNDNS, my home-based S2S WireGuard tunnels only allow the specific FQDN I need.
An ISP DHCP-based IP change is roughly a 1 hr downtime window. My ZFS replications can handle that fine.
-
@cR0w who is Ike & why are we trying to keep them off the internet?
-
@nyanbinary @cR0w Mike asked for his return... he did not tell us why.