What is best practice for building and Internet Exposed host for Github Webhook proxy?

Darrin Crawford
Darrin Crawford used Ask the Experts™
on
Looking to build a internet exposed host which receives Webhooks from Github to be forwarded internally.

- What is required here, for best practice - plan to do this on a VM - so hardware is fine.
- Are there any security risks - eg. ports open?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Kyle SantosSoftware Test Analyst I at Dassault Systemes

Commented:
Hi,

I am following up on your question.  Do you still need help?

If you solved the problem on your own, would you please post the solution here in case others have the same problem?

Regards,

Kyle Santos
Customer Relations

Author

Commented:
No one seems to be able to help on this one
Kyle SantosSoftware Test Analyst I at Dassault Systemes

Commented:
Hi Darrin,

Thank you for letting us know.

Would you like me to send more alerts to experts to see if we can get you some help here?

Regards,
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
yes please, it would be really helpful if you could
Last Knight
Distinguished Expert 2018
Commented:
Hi Darrin,

Security-Risks??? Yes, there are always security risks when you open up to the Internet. I'd put the Host in the DMZ and then create Access Rules in your Firewall to only allow traffic through the ports that are required for the host to function with the hooks/redirects same thing goes for the traffic from the DMZ to the LAN. So in essence you will have two sets of rules WAN>DMZ and DMZ>LAN. Depending on the Firewall, you should be able to invoke the full SecStack on the traffic as it traverses each Zone. With DPI-SSL you will be able to inspect all the traffic traversing in each Zone even if it is encrypted. Having a virtualized network sandbox is a Security Best Practice too, that way if any unknown, zero-day and/or Ransomware infections attack your Host the sandbox would catch them and perform a full code detonation before issuing a verdict. This should all happen in 5 seconds or less.

Let me now if you have any questions!
Kyle SantosSoftware Test Analyst I at Dassault Systemes

Commented:
Hi Darrin,

Is there anything else you need assistance with or is this question resolved?

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial