nanog mailing list archives
Re: Jenkins amplification
From: Matt Harris <matt () netfire net>
Date: Mon, 3 Feb 2020 13:30:19 -0600
On Mon, Feb 3, 2020 at 12:50 PM Christopher Morrow <morrowc.lists () gmail com> wrote:

> On Mon, Feb 3, 2020 at 1:35 PM Christopher Morrow <morrowc.lists () gmail com> wrote:
>> On Mon, Feb 3, 2020 at 1:26 PM William Herrin <bill () herrin us> wrote:
>>> On Mon, Feb 3, 2020 at 10:24 AM Christopher Morrow <morrowc.lists () gmail com> wrote:
>>>> On Mon, Feb 3, 2020 at 11:45 AM Harald Koch <chk () pobox com> wrote:
>>>>> Jenkins, like a zillion other developer-oriented tools, should
>>>>> never be deployed Internet-facing.
>>>>> Reflection attacks inside an enterprise are handled by HR. :)
>>>>
>>>> good golly, so glad everyone's enterprise is a hard candy version of
>>>> same.
>>>> no need for these remote workers, or discontiguous offices, or 'internet centric workforces'.
>>>
>>> VPN.
>>
>> I love it when my home network gets full access to the corporate network!
>
> Sorry, to be a little less flippant and a bit more productive:
> "I don't think every remote endpoint needs full access (or even some compromise based on how well you can/can't scale your VPN box's policies) access to the internal network. I think you don't even want to provide this access based on some loose ideas about 'ip address' and 'vpn identity'."
>
> Ideally you'd be able to authenticate and authorize and even account(!) based on a real user-id + passwd + token (2fa thing). Something akin to this:
> https://cloud.google.com/beyondcorp/
>
> maybe using the googz work directly isn't your cup-o-joe(jane?) but... the idea itself is the point I was aiming for.

Matt Harris | CIO