On Mar 28, 2017, at 12:20, BIll Moede <email@example.com> wrote:
> I'm looking to put together a backup STL system for use over an IP / Internet connection. ...
If you have the wherewithal to use a private (non-public-Internet-based) Ethernet link between the two sites, that would be your most secure option. The peace of mind would be worth the extra money IMHO.
If you need some options for this, call Kile Broyles at Jabez Communications ( http://ww.jabeztelecom.com/contact-us ) and tell him "Sherrod says you can give me some quotes for something like a private Ethernet or Metro Ethernet circuit for our radio station STL." :-) He'll take care of you.
On Mar 28, 2017, at 12:41, Steve Tuzeneu <firstname.lastname@example.org> wrote:
> ... If you do go with the Barix boxes, don't forget to change your user name and password.
Said another way:
Don't forget to change the credentials on *any* system you deploy using the public Internet.
And don't think that just putting it behind a firewall with a port-forward makes it secure -- I recently found one piece of broadcast gear sitting out on the open Internet. It was behind a perfectly good (but useless) firewall that had a port-forward directly into the unprotected equipment. The user might have as well assigned it a public IP address with a sign hung out front saying "Come hack me!"
At the very least, if you're not going to use a private circuit or a VPN to provide an end-to-end path between the two sites (which you really should do whenever possible), configure your firewalls (you do have a firewall at each site, I trust) to only allow incoming IP connections from the static IP address of the other site's ISP connection. If you were thinking of using DHCP addresses from your ISP, do yourself a favor and instead acquire a static IP address. It will make your security much easier to configure on the firewalls and make setting up a VPN far easier too.
If anyone needs some help with this type of setup (or better understanding of the concepts involved) feel free to contact me off-list.