For security purposes, most companies block non-standard browser ports. Moreover, they simultaneously permit their employees to connect to the Internet only via the usual necessary programs, such as browsers or e-mail clients. Unfortunately, the assumption that web browsers are only used to browse websites was good … a dozen or so years ago. Today, these are universal tools enabling virtually any operation and communication.
A good example is the Domotz company, which offers the service of encapsulating a protocol for a remote desktop operating on port 3000 (and others) to port 443 and displaying it in the browser window. Besides the typical VNC service transferred to port 443, Domotz also offers a wide range of device monitoring, protection against unknown devices connecting to the network, automatic alarm in the event of switching off a monitored device, etc. At the same time, in the event of SSL offloading, this opens up a huge vulnerability, which enables a simple and accessible (even for a person with only basic IT skills) method of efficiently transferring data to an external server. Indeed, the encapsulation of any protocol in Https allows, e.g., unrestricted database transfer to an external server.
How to defend?
It seems that the only effective method against such a situation is SSL protocol offloading. Without it, the security department is defenceless – and the risk to top management (especially in the context of GDPR) is constantly growing.
Source: https://www.domotz.com
—
Do you need cybersecurity solutions for your company – contact us.
