zurn | 4 years ago

Network segregation is your last line of defense. Having anything rely on it is a recipe for bad security that's always just one step away from someone getting around it due to misconfiguration, request forgery, network configuration changes over time, malware transiting over via VPNs, etc. And of course from the SW vendor POV they don't know if the customer env employs this defense in depth layer, so it's really irresponsible to rely on it. Like is amply demonstrated here...

If a product upon unboxing promptly flops on its back with "come here internet" access controls, even if by good fortune it's saved by your network ACLs, it's time to put it back in the box and return it.

rr808 | 4 years ago

One problem is there is very little reliable best practice on network security. Do you have any good resources?