Empêchez tout accès à Internet direct. Forcez le passage par un proxy et IDS.

All the connections from your internal network to the internet must go via a proxy (no direct connection).

Use a gateway firewall to require use of a split DNS server, an email server, and an authenticated web proxy server for outbound web connections.