Design for security

Posted Feb 1, 2019 21:15 UTC (Fri) by Cyberax (✭ supporter ✭, #52523)
In reply to: Design for security by nim-nim
Parent article: Design for security

> That's trivial to handle, just deploy a firewall that forbids everything except the corp VPN when outside the corp network
Try it. Go on, try it. I dare you.

Hint: this won't work. Even Starbucks requires you to click through the captive portal page to get access to WiFi. Ditto for GoGoInflight and approximately most of other public access points.

Design for security

Posted Feb 2, 2019 12:10 UTC (Sat) by nim-nim (subscriber, #34454) [Link] (1 responses)

That actually works (not my domain, I haven't looked at it, but I think the desktop firewalls let pass the first few requests without filtering to let the portals show up). Or they just let google search been redirected, as that's the internet for a lot of users.

Design for security

Posted Feb 2, 2019 20:51 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link]

Which ones? The firewall on Mac OS X will not disallow outbound connections. It will simply block incoming connections (possibly with exceptions for signed binaries).

You can install additional firewall software but at this point you can just as well install a full-blown management client instead.