Saturday, April 17, 2010

firewall-wizards Digest, Vol 48, Issue 7

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Firewall best practices (Morty)


----------------------------------------------------------------------

Message: 1
Date: Fri, 16 Apr 2010 00:41:27 -0400
From: Morty <morty+fw-wiz@frakir.org>
Subject: Re: [fw-wiz] Firewall best practices
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <20100416044127.GA15899@red-sonja>
Content-Type: text/plain; charset=us-ascii

On Wed, Apr 14, 2010 at 09:10:36AM -0400, Jason Lewis wrote:

> The point of my question was if you're forced into a position to
> open everything, what ports *should* you always block and why.

Or less controversially, suppose you *do* have a default deny, and you
get requests to allow point-to-point dataflows (inbound or outbound)
and/or completely open select ports outbound. Which ports/services
should you fight back on or recommend alternatives? As a general
rule, I fight back on protocols that do unencrypted auth and/or are
intended for local LAN use and/or are very attractive to malware
authors. Examples: FTP, telnet, SMTP, portmap, 135, 137, 138, 139,
445, 1433, NFS, IRC.

If you have IDS, your perspective might change because crypto-enabled
ports cause you to lose insight.

- Morty
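
The list of services above can be turned into a pre-screening check for change requests. The following is an added example, not part of Morty's message or the digest. The request line format is hypothetical, and the port numbers for the services named only by name (FTP 21, telnet 23, SMTP 25, portmap 111, NFS 2049, IRC 6667) are their conventional defaults, assumed here.

```python
# Added example: pre-screen firewall change requests against the services
# named in the message. Port numbers are conventional defaults (assumption).
WATCHLIST = [
    ("FTP", 21), ("telnet", 23), ("SMTP", 25), ("portmap", 111),
    ("135", 135), ("137", 137), ("138", 138), ("139", 139), ("445", 445),
    ("1433", 1433), ("NFS", 2049), ("IRC", 6667),
]

def parse_ports(spec):
    """Turn '443', '20-25', '1433,8080' or 'any' into (low, high) spans."""
    if spec == "any":
        return [(0, 65535)]
    spans = []
    for part in spec.split(","):
        low, _, high = part.partition("-")
        spans.append((int(low), int(high or low)))
    return spans

def review(request):
    """Return watchlist labels that a request line would open.

    Hypothetical line format: direction proto source destination ports.
    The protocol field is ignored on purpose, so a match errs towards review.
    """
    direction, proto, src, dst, ports = request.split()
    spans = parse_ports(ports)
    return [label for label, port in WATCHLIST
            if any(low <= port <= high for low, high in spans)]

# Constructed sample requests (documentation addresses, not real hosts).
SAMPLE_REQUESTS = [
    "outbound tcp 10.1.0.0/16 any 443",
    "outbound tcp 10.1.0.0/16 any 20-25",
    "inbound tcp any 192.0.2.10 1433,8080",
    "outbound any 10.1.0.0/16 any any",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        hits = review(req)
        verdict = "push back: " + ", ".join(hits) if hits else "no watchlist match"
        print(f"{req:42} -> {verdict}")
```

A range or "any" request is flagged when it covers a listed port, which is the case a per-port lookup misses.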


------------------------------



End of firewall-wizards Digest, Vol 48, Issue 7
***********************************************
