30 votesMrMuishond commented
Trivial to implement and without this anything based on domain names (web filtering, ntp) is vulnerable.
DNSSEC should also be implemented on all Sophos sites.
108 votesMrMuishond commented
Just an observation: Powershell does an excellent job of parsing XML. It would automatically tabulate the export, and allow deep querying.
It’s probably quite easy to write a script to turn one into the other too.