by randomf1fan 3266 days ago
And a quick follow-up - our security team does not allow rogue *.company.com wildcards - they hunt down those sites and boot them off the network.

They do, however, allow *.<service>.company.com.

2 comments

Can you clarify who "our security team" is?
Sure - this was in reference to my top level comment, but I see that this dropped lower down the page.

I work for a large Fortune 150, one that you've heard of, and we have a security team that is constantly scanning our network for weaknesses and potential exploit vectors. They will kill (firewall off) any sites that might compromise the network and tell the application owner to fix the issue before they allow it back on the public net.

From the parent post:

> I work at a large Fortune 150 [...] we have [an] internal CA

(This was a lot clearer when there weren't so many other comments in between.)

That is excellent advice from your security team.