I recently had to
bypass my company policy by establishing a VPN connection from a LAN device (raspberry pi) located inside my company, to a WAN server.
As devices accessible from outside must be placed in the DMZ, I couldn’t get a proper authorization to do this. In fact, it is too complex and it requires to many approvals. So, because I am lazy, I am just using openvpn to connect my Raspberry Pi to the outside through a virtual machine located on the cloud. Then from this VM I can reach my device without opening any port on the master firewall.
Just to avoid any problem with the IT, I am not using the standard 1194 port, but a more standard one : 443.
With this I realized how weak is that concept of DMZ. Even with a strong firewall, it is still possible to place a spying mole inside a company. Is this my company IT security policies really bad or is this just really hard to prevent such mechanism to be put in place?