by notyourday
2494 days ago
This actually is a perfect illustration of why in production all of your systems have to go through a white-listing proxy rather than a NAT for the outside access. There should be a very limited number of known external URLs that your production system needs to hit. Whitelist them on a proxy. Block the rest. Dump the blocked requests into a log. Put alerts on a log. It will get most data exfiltration attempts or attacks such as this. Remember, when your goal is not to have a perfect security -- your goal is to have a better security than someone else so that someone else gets to be a chump and not you.
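The allowlist, block, log and alert flow described in the comment above, as an added example that is not part of the original comment. The hostnames, addresses, log format and function names are all constructed for illustration; a real deployment would enforce the decision in the proxy itself and run the alerting over its deny log.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed allowlist: the few external endpoints production is expected to reach.
ALLOWED = {("api.payments.example", 443), ("packages.example", 443)}
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed egress log lines: "<timestamp> <source> <method> <url>".
SAMPLE_LOG = [
    "2024-01-01T00:00:01Z 10.0.0.5 GET https://api.payments.example/v1/charge",
    "2024-01-01T00:00:02Z 10.0.0.5 GET https://packages.example./index.json",
    "2024-01-01T00:00:03Z 10.0.0.7 POST https://api.payments.example@files.invalid/upload",
    "2024-01-01T00:00:04Z 10.0.0.7 GET https://api.payments.example.files.invalid/",
    "2024-01-01T00:00:05Z 10.0.0.9 GET http://api.payments.example:8080/",
]

def dest(url):
    """Return (host, port) for a request URL, or None if it cannot be parsed."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
        port = parts.port if parts.port is not None else DEFAULT_PORTS.get(parts.scheme)
    except ValueError:  # malformed netloc or port
        return None
    return (host, port) if host and port else None

def is_allowed(url):
    """Exact host+port match only: no suffix or substring matching, unparsable is denied."""
    return dest(url) in ALLOWED

def denied_by_source(log_lines):
    """Map each source address to the destinations that would have been blocked."""
    blocked = defaultdict(list)
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the constructed format
        _ts, src, _method, url = fields
        if not is_allowed(url):
            d = dest(url)
            blocked[src].append(f"{d[0]}:{d[1]}" if d else url)
    return dict(blocked)

if __name__ == "__main__":
    # Every source with at least one blocked request is worth an alert.
    for src, targets in denied_by_source(SAMPLE_LOG).items():
        print(f"ALERT {src} blocked egress to {targets}")
```

Matching on the parsed host and port, rather than on a substring of the URL, is what keeps the lookalike destinations in the sample log on the blocked side.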