good job all the network cables are glued in and no one ever plugged a cable into the wrong port, or doing so might result in all the devices behind that firewall getting exposed directly to the internet and no one noticing because everything still works.
but I'm done burning karma on this one, good luck have fun.
> good job all the network cables are glued in and no one ever plugged a cable into the wrong port, or doing so might result in all the devices behind that firewall getting exposed directly to the internet and no one noticing because everything still works.
So just put your database server on an IPv6 ULA (which is not globally routable)? There are other benefits to that, too, you know? Like that you can have a completely static address for the server, which is agnostic to whatever IPv6 prefix gets assigned by your upstream provider.
did the unpaid intern do that before or after the insecure database server accidentally got given a public IP address?
did they also check and update that old office-use-only IIS server no one uses before the department all got public IPs, or wasn't there a lunch budget for that?
Good job not even attempting to secure your office switch ports with whitelisted MACs or whatever, then.
And if you then argue that MACs can be spoofed easily, well, you'd have to get the MAC of the authorised system first. And by that time you've physically broken into the building - you have worse problems than a rogue device or two...