[colug-432] Cloud services and security

Angelo McComis angelo at mccomis.com
Mon Feb 7 18:09:40 EST 2011


Exactly.  Not ideal at all.

For what you are describing, it sounds like virtual private cloud is
more appropriate. That way you are working with servers that are
essentially on your wire rather than simply some wild IP address. Not
knowing where you work or the paranoia there, this may or may not
solve anything.

- Angelo

{via mobile device}

On Feb 7, 2011, at 5:57 PM, Travis Sidelinger
<travissidelinger at gmail.com> wrote:

> And what happens then when your firewall needs to look up your IP for
> every packet?  That seems very inefficient and will really slow down
> every packet.
>
>
> On Mon, Feb 7, 2011 at 4:17 PM, Angelo McComis <angelo at mccomis.com> wrote:
>> On Mon, Feb 7, 2011 at 3:43 PM, Travis Sidelinger
>> <travissidelinger at gmail.com> wrote:
>>>
>>> Also, with a short DNS, I think the lowest you can go is 1 minute.  So
>>> even if we had a firewall that could dynamically update, there will
>>> still be a 1 minute outage every time the IP flips.
>>>
>>>
>>
>> That's not entirely true. In some cases, you can set the TTL to -1, so that
>> it is never cached, and is resolved each time.  DNS administrators will hate
>> you for life, make fun of you in public, and perhaps vandalize your cube if
>> you do this though because their infrastructure is getting hit for EVERY
>> request, rather than once for each client every so often.
>>
>> Technically it is possible though.
>>
>>
>> _______________________________________________
>> colug-432 mailing list
>> colug-432 at colug.net
>> http://lists.colug.net/mailman/listinfo/colug-432
>>
>>
>
>
>
> --
> "A careful reading of history clearly demonstrates ...
> that people don't read history carefully."


