What is best practice for building and Internet Exposed host for Github Webhook proxy?

Looking to build a internet exposed host which receives Webhooks from Github to be forwarded internally.

- What is required here, for best practice - plan to do this on a VM - so hardware is fine.
- Are there any security risks - eg. ports open?
Darrin CrawfordAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Kyle SantosQuality AssuranceCommented:
Hi,

I am following up on your question.  Do you still need help?

If you solved the problem on your own, would you please post the solution here in case others have the same problem?

Regards,

Kyle Santos
Customer Relations
Darrin CrawfordAuthor Commented:
No one seems to be able to help on this one
Kyle SantosQuality AssuranceCommented:
Hi Darrin,

Thank you for letting us know.

Would you like me to send more alerts to experts to see if we can get you some help here?

Regards,
Get a highly available system for cyber protection

The Acronis SDI Appliance is a new plug-n-play solution with pre-configured Acronis Software-Defined Infrastructure software that gives service providers and enterprises ready access to a fault-tolerant system, which combines universal storage and high-performance virtualization.

Darrin CrawfordAuthor Commented:
yes please, it would be really helpful if you could
Blue Street TechLast KnightCommented:
Hi Darrin,

Security-Risks??? Yes, there are always security risks when you open up to the Internet. I'd put the Host in the DMZ and then create Access Rules in your Firewall to only allow traffic through the ports that are required for the host to function with the hooks/redirects same thing goes for the traffic from the DMZ to the LAN. So in essence you will have two sets of rules WAN>DMZ and DMZ>LAN. Depending on the Firewall, you should be able to invoke the full SecStack on the traffic as it traverses each Zone. With DPI-SSL you will be able to inspect all the traffic traversing in each Zone even if it is encrypted. Having a virtualized network sandbox is a Security Best Practice too, that way if any unknown, zero-day and/or Ransomware infections attack your Host the sandbox would catch them and perform a full code detonation before issuing a verdict. This should all happen in 5 seconds or less.

Let me now if you have any questions!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Kyle SantosQuality AssuranceCommented:
Hi Darrin,

Is there anything else you need assistance with or is this question resolved?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Virtualization

From novice to tech pro — start learning today.