Security Basics mailing list archives

RE: NetScreen XP and NetMeeting


From: "Gunn, Jeff" <Jeff.Gunn () FMR COM>
Date: Mon, 16 Dec 2002 08:59:28 -0500


No, of course I'm not sure - that's why I'm on a security basics list.  ;)
Seriously though, what I said was that a lot of devices (personal ones,
anyway) will allow connections in and out that are initiated behind the
firewall, and that this may be an incorrect assumption.  I wasn't saying it
was a good idea.

        Jeff

-----Original Message-----
From: Robert Sieber [mailto:rsieber () web de]
Sent: Sunday, December 15, 2002 6:27 PM
To: Gunn, Jeff; security-basics () lists securityfocus com
Subject: AW: NetScreen XP and NetMeeting


The big scary-looking range of ports (1024-65535) are outbound UDP ports,
which is a very common requirement.  A lot of firewalls allow this by
default because it can be (sometimes incorrectly) assumed that a connection
originating from behind the firewall going out to the internet should be
allowed.

Are you sure??? From my experiences more than half of the
danger comes from inside a network! Think of trojans, bad
employees and so on. It is not a good idea to open a lot
of ports.

Maybe you can use the H.323 support of NetScreen?

Robert

-- 
http://board.protecus.de - Firewalls, Security and more ...
 


