Menu
I'm planning to deploy an internal app that has sensitive data. I suggested that we put it on a machine that isn't exposed to the general internet, just our internal network. The I.T. department rejected this suggestion, saying it's not worth it to set aside a whole machine for one application. (The app has its own domain in case that's relevant, but I was told they can't block requests based on the URL.)
Inside the app I programmed it to only respect requests if they come from an internal I.P. address, otherwise it just shows a page saying "you can't look at this." Our internal addresses all have a distinct pattern, so I'm checking the request I.P. against a regex.
But I'm nervous about this strategy. It feels kind of janky to me. Is this reasonably secure?
477
IP filtering is better than nothing, but it's got two problems: IP addresses can be spoofed. If an internal machine is compromised (that includes a client workstation, e.g. via installation of a Trojan), then the attacker can use that as a jump host or proxy to attack your system.
What's Wrong with Whitelisting an IP Address? Whitelisting an IP address compromises the security of the user as well as the reliability of the server for everyone else that uses it. To unpack this, we need to explain what an IP address is and why IP addresses get blocked in the first place.
IP filtering lets you control what IP traffic will be allowed into and out of your network. Basically, it protects your network by filtering packets according to the rules that you define. NAT, allows you to hide your unregistered private IP addresses behind a set of registered IP addresses.
Frame you for crimes: A skilled hacker can use your IP address to impersonate you online, routing activity through your address instead of their own. Ultimately, they could frame you for buying drugs, downloading child pornography, or even creating national security threats.
IP filtering is better than nothing, but it's got two problems:
IP addresses can be spoofed.
If an internal machine is compromised (that includes a client workstation, e.g. via installation of a Trojan), then the attacker can use that as a jump host or proxy to attack your system.
If this is really sensitive data, it doesn't necessarily need a dedicated machine (though that is best practice), but you should at least authenticate your users somehow, and don't run less sensitive (and more easily attacked) apps on the same machine.
And if it is truly sensitive, get a security professional in to review what you're doing.
edit: incidentally, if you can, ditch the regex and use something like tcpwrappers or the firewalling features within the OS if it has any. Or, if you can have a different IP address for your app, use the firewall to block external access. (And if you have no firewall then you may as well give up and email your data to the attackers :-)
97
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
