For example our firewall rules are like this. the fact that we don't allow all ports outbound (as the default, I mean stupid rule, pre-configured on many firewalls) and we don't allow any outbound traffic by IP directly, unless it is first resolved by DNS. To be fair, I haven't really looked into how many "bad things" are caught by the DNS blockade vs. We use DNS Redirector, it does a great job of blocking all the proxy / anonymizer websites / VPN things. Anything prevented still means the person intentionally went very far out of their way to break policy, and in fact DID break policy. Prevention is nice if you can get there, but still requires enforcement. but only if that enforcement WILL take place.ģ. The cam doesn't stop anything it provides a method of enforcement, after the fact. It is little different than installing a camera in the break-room to stop lunch thefts. If management does not wish to enforce, then you do not need to prevent. In this case, there is likely no need to prevent if you can simply detect and enforce. If you have the support, then you are talking about an actor who is intentionally breaking policy. If you do not have policy support, then you are wasting your time, and would be better focused on mitigating the result.Ģ.
Verify that it is possible to even address it in that arena. This technology starts with being a human problem. But before the technical details even matter.ġ. Pretty sure it can take a chunk out of this, which means yours can likely do so as well.
I used to run a Composer v DC10 from the last century.