On Mon, Feb 3, 2020 at 12:50 PM Christopher Morrow <morrowc.li...@gmail.com> wrote:
> On Mon, Feb 3, 2020 at 1:35 PM Christopher Morrow Matt Harris|CIO 816-256-5446|Direct Looking for something? Helpdesk Portal|Email Support|Billing Portal We build and deliver innovative IT solutions. > <morrowc.li...@gmail.com> wrote: > > > > On Mon, Feb 3, 2020 at 1:26 PM William Herrin <b...@herrin.us> wrote: > > > > > > On Mon, Feb 3, 2020 at 10:24 AM Christopher Morrow > > > <morrowc.li...@gmail.com> wrote: > > > > On Mon, Feb 3, 2020 at 11:45 AM Harald Koch <c...@pobox.com> wrote: > > > > > Jenkins, like a zillion other developer-oriented tools, should > never be deployed Internet-facing. > > > > > Reflection attacks inside an enterprise are handled by HR. :) > > > > > > > > good golly, so glad everyone's enterprise is a hard candy version of > same. > > > > no need for these remote workers, or discontiguous offices, or > > > > 'internet centric workforces'. > > > > > > VPN. > > > > I love it when my home network gets full access to the corporate network! > > Sorry, to be a little less flippant and a bit more productive: > "I don't think every remote endpoint needs full access (or even some > compromise based on how well you can/can't scale your VPN box's > policies) access to the internal network. I think you don't even want > to provide this access based on some loose ideas about 'ip address' > and 'vpn identity'." > > Ideally you'd be able to authenticate and authorize and even > account(!) based on a real user-id + passwd + token (2fa thing). > Somethign akin to this: > https://cloud.google.com/beyondcorp/ > > maybe using the googz work directly isn't your cup-o-joe(jane?) but... > the idea itself is the point I was aiming for. >
