Travis,<br><br>I would beg to differ on a couple of points below. This weekend I finished configuring a mail server out on Amazon EC2, and I have an Elastic IP assigned to it with Reverse DNS. I think the reverse DNS is a relatively recent feature addition, however.<br>
<br>Jason <br><br><div class="gmail_quote">On Mon, Feb 7, 2011 at 12:31 PM, Travis Sidelinger <span dir="ltr"><<a href="mailto:travissidelinger@gmail.com">travissidelinger@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Anyone,<br>
<br>
Any colug'ers have experience with maintaining security with cloud<br>
services? We firewall everything inbound and outbound for our DMZ<br>
systems, but, this has been getting increasingly difficult with cloud<br>
services that like to change their IP address often. An example is<br>
Amazon's cloud. They are not using static IP addresses and you can't<br>
use reverse DNS lookups to validate their service. A firewall rule<br>
can be good for about a day before it changes. We are planning to<br>
upgrade our firewall to a Cisco product, which I'm hoping has a<br>
feature that can check URL's. If that doesn't work, I may need to<br>
build a special proxy service for these that can provide URL based<br>
ACLs.<br>
<br>
~Travis Sidelinger<br>
<font color="#888888"><br>
--<br>
"A careful reading of history clearly demonstrates ...<br>
that people don't read history carefully.”<br>
<br>
_______________________________________________<br>
colug-432 mailing list<br>
<a href="mailto:colug-432@colug.net">colug-432@colug.net</a><br>
<a href="http://lists.colug.net/mailman/listinfo/colug-432" target="_blank">http://lists.colug.net/mailman/listinfo/colug-432</a><br>
</font></blockquote></div><br>