undefined | Better HN

0 pointshugo17896mo ago0 comments

What’s the alternative—locking down all legitimate users and still losing the data anyway?

Network controls alone don’t stop exfiltration. HDMI/DP can move data faster than most consumer NICs. Does the system account for that scenario?

0 comments

2 comments · 2 top-level

It's a matter of layers. Banning VPNs isn't a perfect measure. But it makes it a lot easier than when you let everyone cowboy around.

Same with RBAC. It's not perfect because some people need legit access to stuff and it can be abused. But it makes it much harder for bad actors.

> Network controls alone don’t stop exfiltration.

Stop signs alone don't stop all traffic accidents.

j / k navigate · click thread line to collapse