Does anyone out there allow direct access to Dradis Pro?

88 views
Skip to first unread message

ARozar

unread,
Feb 5, 2015, 5:29:00 AM2/5/15
to dradi...@googlegroups.com
Currently I use VPN access to get into Dradis Pro. Sometimes (more times than not) this is a pain the butt, do any of you allow direct access (via 443 only) to your Dradis Pro setups?


Thanks
Avery

Mike McLaughlin

unread,
Feb 5, 2015, 6:36:15 AM2/5/15
to dradi...@googlegroups.com

Given the sensitivity of the data stored in our Dradis instance we use the same VPN set up as you.

 

Kind regards,

 

Mike

Mike McLaughlin MBCS GSEC GPEN OSCP CRT

Senior Penetration Tester & Technical Team Lead

First Base Technologies LLP

--
You received this message because you are subscribed to the Google Groups "Dradis Pro users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dradis-pro+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________


______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________

Stephen Corbiaux

unread,
Feb 5, 2015, 6:39:12 AM2/5/15
to dradi...@googlegroups.com

We also used it over vpn.. No problems with this setup..

Kvetch

unread,
Feb 6, 2015, 5:44:55 PM2/6/15
to Dradis Pro users
If you import the VM into AWS you can control access numerous ways.  I know I don't need to tell this audience all the ways it can be secured and likely some will object to the suggestion of cloud hosting, but with AWS you can control access via specific AWS ACLS, host based iptables, nginx, VPN ...
Plus it is simple enough to powerdown whenever not in use and you can prune and offload your data whenever you feel that it is safe to delete that customer's engagement.

Thanks,
Nick

Daniel Martin

unread,
Feb 9, 2015, 9:48:08 AM2/9/15
to dradi...@googlegroups.com
Hi Nick,

Thanks for chipping in.

I looked into importing to AWS myself, the idea was to create a guide similar to the one we have for Linode at [i], but the truth is that the process was quite complicated (back in the day) mainly due to the full-disk encryption feature of our VM (afaik you couldn’t import such VMs to AWS at the time).

What was your experience re: importing AWS? Do you happen to have some notes you can share (maybe privately with me) so I can look into creating some documentation for others that might be interested?

Many thanks,
Daniel


[i]
http://securityroots.com/dradispro/support/guides/deploy_linode.html

Director
Security Roots Ltd.
Registered company no 07389856 in England and Wales

Nick

unread,
Feb 9, 2015, 4:12:42 PM2/9/15
to dradi...@googlegroups.com, dan...@securityroots.com
Hey Daniel,
I didn't want to clutter up this thread, so I posted a new one with my old notes, hope that's okay.  Can't say it wasn't somewhat complicated but it wasn't too bad overall.  For me, the AWS stuff is more frustratingly complicated than changing the DradisPro VM.

Cheers,
Nick Baronian
Reply all
Reply to author
Forward
0 new messages