by hg35h4
1951 days ago
It was a fine simple solution until DoH. In some internal environments the internal traffic volume can be much higher than the few services that might be publicly exposed. Sure, lots of ways you could do it - get a fat edge firewall to hairpin the traffic + support Internet access, but you end up paying a lot more for all the threat licenses on the oversized edge. Could add many more tiers, maybe more translations or overlays... but why bother with a lot more complexity or especially more cost just because someone saw a threat in another country and is trying to solve a problem that does not apply to most? Furthermore, there can be internal-only host names that are now getting probed and exposed externally. Exfiltration to a US company in the name of "security".