by AstralStorm
2499 days ago
The internal remote hole can be thought of as a force multiplier.
An attacker that bypasses the edge in any way gets every machine in your network. It takes any other remote bug, or anyone getting to any badness on the Internet.
And then if your domain controller is owned, it's everything... A simple virus could even do it. It takes only one instance of this bug to completely take over your network if you're Windows based. Remember Windows XP times? That's how it is. Unless you completely cut off the internal network everywhere. Good luck with that policy. You wouldn't even know you have been completely owned, and would expect only a router issue if the breach is from there. Or not even spot anything out of the ordinary. About the only real way is to presume the internal network is compromised and keep diversity and backups to reduce impact.
Compartmentalize, do not centralize, no matter how much money you'd save that way. If a man has to go to fix an issue instead of remote login, so be it.