u/GriffGB

Accessing server from the internet

Hi,

Thought I'd ask this here, as I'm sure there's clever people out there.

We have a Time and Attendance system installed on an internal Windows domain server, and the supplier has just introduced an app that can connect to it and that end users can use to request holidays, check times etc.

They say we need an SSL certificate (which I have), but have also said that the app needs to talk to the server on port 443 (I can change the port). Now, I can create a NAT rule in the firewall on that port and point it at the server, but as it's an internal domain server, clearly I'm not comfortable doing that. I asked our supplier if I can restrict the source to where traffic is coming from, but got...

> The requests would always be initiated from the devices the app is installed on, which also may make it difficult restricting it to specific IPs. A simple explanation of how the app works is: they first connect to our server with the company code entered by the user. This allows it to retrieve the correct link to reach the company's server with the API.
>
> Once it's got the link, it will allow the user to try logging in.
>
> From this point onwards outbound connections would be to the company's server with the API allowing the user to use the varying app functions they've been permitted.

I'm wondering what people's take on this is. It doesn't sound like it's possible to identify where traffic will be coming from.

I'm stuck thinking how I can restrict it, to prevent just anyone connecting to the server from outside, that shouldn't need to be.

u/GriffGB — 9 hours ago
▲ 9 r/Greggs

Steak bakes (and likely most of the bakes)

Got a steak bake this morning. When did they become a small square and cost £2.25? (Up in the North East.)

I definitely remember them being rectangular at some point.

Also, have they binned off cheese and bacon wraps? Haven’t seen them in a while.

u/GriffGB — 13 days ago

Part of my role is managing our email system (mostly O365) and our Gateway filtering system.

It does a pretty good job at blocking emails, but occasionally an email gets blocked incorrectly for spam, and it's usually machine learning, likely due to the way someone has phrased things in the email. The usual request from the recipient is "to whitelist the sender".

I'm always reluctant to whitelist anyone, as we have in the past had compromised mailboxes from customers, and I don't want to open us up if I don't have to.

I tend to release the email, and mark it as incorrectly blocked so there's less chance of it being blocked. If we repeatedly block their emails and it doesn't look like it's for any specific reason, then I may look to whitelist, but it's a last resort.

I just wondered what other sysadmins' take on whitelisting email addresses is?

u/GriffGB — 16 days ago