Comment by oremolten
1 year ago
Well, it's primarily because the security vendors for, say, WAFs and other tools list these IPs in the "Anonymizers" or "VPN" category, and most typically these are blocked, as seldom do you see legitimate traffic originating to your storefront or accounts pages from these. Another vendor we use lists these under "hacking tools". So your option as a security professional is to express to your risk management team we allow "hacking tools" or lose iCloud Relay customers. Which way do you think they steer? In alternative cases a site may use a vendor for their cart/checkout page and doesn't even have control over these blocks, as they are also blocking "hacking tools" or "anonymizers" from hitting their checkout pages.
> So your option as a security professional is to express to your risk management team we allow "hacking tools" or lose iCloud Relay customers
A professional would explain how the vendor is being lazy and making a mistake there because they don't understand your business.
Depending on the flavor of security professional (hacker), they might also subtly suggest that this vendor is dumb and should be embarrassed they've made this mistake, thus creating the implication that if you still want to block these users you would also have to be an idiot.
Under no circumstance would I ever allow anyone to get the mistaken impression that some vendor understands my job better than I do. As a "security professional" it's literally your job to identify hostile traffic, better than a vendor could.
Oh, I think we all know that the endgame is only allowing the approved web browser from the approved hardware. And getting on those lists will be made very expensive indeed...
Wait till you see how M365 does management around iCloud relay; it makes it real fun troubleshooting suspicious login parameters...