- Posted on Sun Aug 08, 2021 9:23 am
- joel.snyder
- Posts: 28
- Joined: Aug 31, 2016
Thanks for the clarifications and insights. That helps me better understand the risk.
Just some ideas for a future version of the reflector: if the connection (tunneled) back to the Indigo server has to be enabled from Amazon AWS-land, it would be possible to reduce the attack surface significantly by using either known IPs of AWS data centers or a GeoIP database. You wouldn't want to hassle too much to be super-precise, which is a maintenance headache, but you could offer a check-box in the GUI (at the Reflector end) that only allows traffic that is "likely" to be from AWS.
Not sure if you have an industry standard firewall in front of the Reflector boxes, but most of the UTM devices have this sort of capability built-in. And if the reflector devices are actually 'in the cloud,' most cloud IaaS providers also have this kind of GeoIP that you could activate. Of course, the issue would be separating out customers who want it versus those who don't, and dealing with the transition time between "protected" and "non-protected" but ... it is something you could do which wouldn't be especially challenging from an InfoSec point of view.
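As an added illustration of the "known AWS IPs" idea in the post above (example code, not from this thread or from the Indigo/Reflector project): AWS publishes its address ranges as a JSON document with `prefixes` and `ipv6_prefixes` lists; the snippet below parses that shape into an allowlist and checks a source address against it. The prefixes embedded here are constructed placeholders, not real AWS ranges, and the `services` filter is an assumption about which ranges a cloud-hosted server would originate from.

```python
import ipaddress
import json

# Constructed sample in the shape of AWS's published ip-ranges.json
# (a "prefixes" list with "ip_prefix", "region", "service", plus an
# "ipv6_prefixes" list). These prefixes are placeholders, not real AWS ranges.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0000000000",
    "prefixes": [
        {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "198.51.100.0/25", "region": "eu-west-1", "service": "AMAZON"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:aa::/48", "region": "us-east-1", "service": "EC2"},
    ],
})


def load_allowlist(ip_ranges_json, services=("EC2",)):
    """Parse an ip-ranges.json document into a list of ip_network objects.

    Only prefixes tagged with one of `services` are kept (assumption: the
    tunnel originates from compute ranges, so EC2 is the default filter).
    """
    doc = json.loads(ip_ranges_json)
    nets = []
    for entry in doc.get("prefixes", []):
        if entry.get("service") in services:
            nets.append(ipaddress.ip_network(entry["ip_prefix"]))
    for entry in doc.get("ipv6_prefixes", []):
        if entry.get("service") in services:
            nets.append(ipaddress.ip_network(entry["ipv6_prefix"]))
    return nets


def is_allowed_source(src_ip, allowlist):
    """Return True only if src_ip falls inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        # Malformed address: fail closed rather than open.
        return False
    # Version mismatch (v4 addr vs v6 net) simply evaluates to False.
    return any(addr in net for net in allowlist)


if __name__ == "__main__":
    allow = load_allowlist(SAMPLE_IP_RANGES)
    for ip in ("203.0.113.7", "198.51.100.9", "2001:db8:aa::1", "192.0.2.1", "not-an-ip"):
        print(ip, "allowed" if is_allowed_source(ip, allow) else "rejected")
```

In a real deployment the JSON would be fetched on a schedule from AWS rather than embedded, and the filter tuned to whichever services the tunnel actually uses.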