Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Two security concepts come to mind: defense in depth and assume breach. A hacked device on your lan doesnt have to equal complete compromise of your betwork. Giving up at the perimeter is one option, sure. Another is to design a network to be as resilient as possible to attack and compromise by layering defensive controls and assuming some can be bypassed. Then develop detective/preventative controls to respond when they are.

Edit: specifically, encrypting http traffic will help reduce the risk of the threat actor acquiring new credentials (since we don't reuse those) and using them to pivot to other resources.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: