The New Internet

(tailscale.com)
517 points | ingve | 4 comments
1. Bluecobra No.41083984
> Every device gets an IP address and a DNS name and end-to-end encryption and an identity, and safely bypasses firewalls.

Tailscale can certainly be blocked on NGFW firewalls like Palo Alto. I am not a BOFH, but also can’t have random employees circumventing security policies by setting up tailscale and leaving permanent backdoors in my corporate network.

I remember the good old days when everyone had a public IP on the Internet and how easy it was to set up things. It was cool and fun while it lasted. But now things are different and security is a nightmare when we have to deal with things like ransomware.

replies(2): >>41084080 >>41085628
2. iczero No.41084080
Tailscale doesn't even try to hide their MP or DP traffic. Last I checked, management was plain https and data was plain wireguard.
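Added example, not from this thread, from Tailscale, or from WireGuard: a small payload-shape classifier for WireGuard UDP datagrams, the kind of check a network defender would put behind a visibility or policy rule for the unhidden data-plane traffic the comment above refers to. It relies only on the published WireGuard wire format (type byte, three zero reserved bytes, fixed 148/92/64-byte handshake messages, 16-byte-aligned transport messages). The hostnames, addresses, ports and datagram bodies in `SAMPLE_RECORDS` are constructed for the demo; `make_datagram` and `wireguard_flows` are names chosen here.

```python
from collections import Counter, defaultdict
from typing import Dict, List, Optional, Tuple

# Message type byte values from the WireGuard protocol specification.
MSG_NAMES = {
    1: "handshake_initiation",
    2: "handshake_response",
    3: "cookie_reply",
    4: "transport_data",
}

# The three handshake message types have fixed total lengths in bytes:
# initiation 148, response 92, cookie reply 64.
FIXED_SIZES = {1: 148, 2: 92, 3: 64}


def classify_wireguard(payload: bytes) -> Optional[str]:
    """Return the WireGuard message kind if a UDP payload matches the wire
    format, else None. This looks at shape only: the type byte, the three
    reserved bytes (always zero) and the length rule for that type."""
    if len(payload) < 4 or payload[1:4] != b"\x00\x00\x00":
        return None
    msg_type = payload[0]
    if msg_type in FIXED_SIZES:
        return MSG_NAMES[msg_type] if len(payload) == FIXED_SIZES[msg_type] else None
    if msg_type == 4:
        # 4-byte header + 4-byte receiver index + 8-byte counter, then the
        # ciphertext padded to a multiple of 16 plus a 16-byte Poly1305 tag:
        # total length is a multiple of 16 and at least 32.
        if len(payload) >= 32 and len(payload) % 16 == 0:
            return MSG_NAMES[4]
    return None


Flow = Tuple[str, str, int]  # (source host, destination host, destination UDP port)


def wireguard_flows(records: List[Tuple[str, str, int, bytes]]) -> Dict[Flow, Counter]:
    """Group UDP records by flow and keep only flows that carried a handshake
    initiation. A lone transport-shaped datagram is weak evidence (plenty of
    protocols emit 16-byte-aligned payloads); a 148-byte type-1 message with
    zero reserved bytes is a much stronger signal."""
    per_flow: Dict[Flow, Counter] = defaultdict(Counter)
    for src, dst, dport, payload in records:
        kind = classify_wireguard(payload)
        if kind is not None:
            per_flow[(src, dst, dport)][kind] += 1
    return {flow: kinds for flow, kinds in per_flow.items()
            if kinds["handshake_initiation"] > 0}


def make_datagram(msg_type: int, total_len: int) -> bytes:
    """Constructed datagram: a valid header followed by filler (no real crypto)."""
    return bytes([msg_type, 0, 0, 0]) + b"\xaa" * (total_len - 4)


# Constructed sample traffic; hosts, addresses and ports are made up.
SAMPLE_RECORDS = [
    ("ws-17", "198.51.100.5", 41641, make_datagram(1, 148)),   # handshake initiation
    ("198.51.100.5", "ws-17", 52000, make_datagram(2, 92)),    # handshake response
    ("ws-17", "198.51.100.5", 41641, make_datagram(4, 48)),    # transport data
    ("ws-17", "198.51.100.5", 41641, make_datagram(4, 176)),   # transport data
    ("ws-03", "203.0.113.9", 443, b"\xc0\x00\x00\x00\x01" + b"\x00" * 1195),  # QUIC-like, not WG
    ("ws-03", "192.0.2.53", 53, b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 20),  # DNS-like, not WG
    ("ws-09", "203.0.113.77", 41641, make_datagram(4, 48)),    # transport shape only, no handshake
]

if __name__ == "__main__":
    for flow, kinds in wireguard_flows(SAMPLE_RECORDS).items():
        print(flow, dict(kinds))
```

Only the `ws-17` flow survives the filter: it has one handshake initiation and two transport messages, while `ws-09` shows a transport-shaped datagram with no handshake and is dropped. This is a visibility aid, not a complete policy: the HTTPS control traffic mentioned above is not distinguishable by payload shape, and a shape match alone should feed an alert or an inventory, not a hard block.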
3. vwkd No.41085628
> can’t have random employees circumventing security policies by setting up tailscale and leaving permanent backdoors in my corporate network

Tailscale isn't exactly an open door. Only machines signed in via SSO can access a Tailscale network.

If you don't trust your employees to safeguard their credentials and machines then how do you trust them at all? Keep them in an airtight underground bunker chained to their desks? Not sure what threat you're modeling for...

replies(1): >>41087056
4. Bluecobra No.41087056
I'm talking about people who want to use Tailscale for personal reasons. For example, someone can set up a Tailscale instance between their work computer and home computer and circumvent the corporate VPN/MFA policies for remote access. I doubt they are being malicious, but what if their home PC gets hit with malware? A threat actor could then use the existing Tailscale instance to get into the corporate network.