Ignoring the ridiculous complexity of Entra and how easy it is to not realize you’re making a mistake with it (especially internally at Microsoft, where there’s no delineation between all the internal tenants you need to support and 3P customer tenants), it’s really scary how people think an auth token is the only layer of security you need. These sites shouldn’t have ever been exposed to the public internet (they’re not now). Network security is such an afterthought but it’s the best layer of defense you can have!
> Network security is such an afterthought but it’s the best layer of defense you can have!
I mean, it's an additional layer.
Defense-in-depth is about having multiple.
Zero trust but absolutely backwards.
> Network security is such an afterthought but it’s the best layer of defense you can have!
I think the opposite problem can be the case: people think that something inside a VPN is now secure and we don't have to worry too much about it.