I’ve noticed the following trend in network configuration: networks that do not have default routing and DNS resolution to the Internet for internal hosts. While I can somewhat understand this method of network configuration, it does reduce Internet functionality, and without using a proxy of some type, you do not get to the Internet. Does this increase your Internet security posture, or is it blinding you to the real threat that may still exist while also reducing functionality?
My thought is those using this method are saying to the Internet, “La la la, I can’t hear you” all the while the Internet is merrily chatting away. Just because you are not listening, does not mean things are not being done.
It is important to point out that several BotArmies are proxy aware. With today’s mobile workforce, assets are readily leaving the network (doing God knows what), and then reconnecting, and home users/telecommuters are using VPNs to access corporate assets. Given that, shouldn’t we be listening and paying attention?
- Jeff McGough, Damballa VP of Operations
