Hacker News
by arghwhat 415 days ago
I wouldn't consider it a second line of defense - as a rule of thumb, it will only catch old and overused attack vectors, and rarely well.

Anything novel will fly right past it, and it will have false positives. Plastering ineffective or mildly effective security everywhere in the name of "defense in depth" can have negative value as it reduces diligence in applying more relevant security measures that aren't just a random package install.

2 comments

I cannot upvote this hard enough.

I see this all the time with VPNs. By having everything behind the company VPN, application security isn't taken as seriously. As a result, lateral access becomes trivial at these companies.

Keeping everything public internet exposed from the start actually results in better security.

It's like the last line of defence. If you are lucky, it helps.