Exactly, endpoints should not be listening on the network, for instance (it's not just about outbound connectivity).
Company laptops often have RDP or SSH open - and newly added software might expose a remote endpoint in future (or a 0-day, like EternalBlue).
And here it comes: then an employee works from home or a coffee shop and anyone there can attack and try to log in! Locking down these things is critical to securing the endpoint.