Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
By outbound port or blocked the dns lookup? I knew of a place that just blocked the dns so we have a cross reference of ip to use. Can you ping 8.8.8.8 or 8.8.4.4?
-
@bkwilliams They have a proxy that they route all traffic through, and apparently it's either down or misconfigured.
Pinging IPs doesn't work -
bahua128015yCan you ssh out? If you can connect to an external host, you can tunnel a socks proxy through it with a single command. If you're using windows you can do it with putty.
-
@bahua Pretty sure I'd get seriously in trouble for doing that. Can't subvert their proxies or firewalls. Policy here is law.
-
@bkwilliams Oh no, that's the best part. All our clients have internal email addresses, so emails work perfectly fine
(ノ°益°)ノ -
bahua128015y@obsecurity
Maybe, but using a well documented feature of approved software that the company provides is hard to describe as being in violation of policy. If you leave a window open, you can only be angry at yourself when a bird flies through it. -
OK... I'll be a tad mean here, but:
- Blocking sites outside of the network seems like a good way to prevent attacks from the wild, buuuuuut...
- One of the biggest threats today for companies and the military/government alike is the insider/disgruntled employee factor.
- Self-hosted websites? So, say, if a person self-hosts a vulnerable website? What could go wrong? Increasing the attack vector for an insider attack here.
- As for subverting... encapsulation is your friend. Unless they pulled the cord from the router, some info will go out one way or another. Might make a nice pet project, building a tool for it.
If clients from the OUTSIDE can send to you and receive from you, that might be the path.
So, the estimated path of attack (as I estimate it from that little I've read) is You --> Coworker (through vuln site) --> email encapsulation --> custom email server ---> internet
Might not be fast, and certainly not for streaming, but it can get the job done. -
Also, the above is for educational purposes only, don't get fired over browsing facebook.
-
Sounds easy to get the coding job done. especially since you can't search the web for stuff...
vpn? -
devs30755yThe police here does the same. Only internal websites and systems are allowed. Email only available through outlook, which gets configured automatically through the domain controller.
If you need to visit external websites, you can open a browser through a Citrix app (so a web browser on a server).
It’s pretty secure. If an employee accidentally clicks a spam link, you won’t introduce a virus anywhere, as your normal browser can’t access anything. The browser in critrix can’t download anything
Related Rants
-
Stress9> Claims to be a security expert and an Anonymous member > His router uses WEP as encryption
-
terminalterror13I've ranted so much, this is where they moved me to. They couldn't fire my because I was too valuable an asset...
-
boombodies12Corporate IT: Here at Company A we are very proactive about CyberSecurity! Dev: What is our cybersecurity pla...
My office has blocked access to all external websites. Only internal, self-hosted sites under our domain work.
P E A K. S E C U R I T Y.
rant
security fail
office life
network issues