Security Basics mailing list archives
RE: NetScreen XP and NetMeeting
From: "Gunn, Jeff" <Jeff.Gunn () FMR COM>
Date: Mon, 16 Dec 2002 08:59:28 -0500
No, of course I'm not sure - that's why I'm on a security vasics list. ;) Seriously though, what I said was that a lot of devices (personal ones, anyway) will allow connections in and out that are initiated behind the firewall, and that this may be an incorrect assumption. I wasn't saying it was a good idea. Jeff -----Original Message----- From: Robert Sieber [mailto:rsieber () web de] Sent: Sunday, December 15, 2002 6:27 PM To: Gunn, Jeff; security-basics () lists securityfocus com Subject: AW: NetScreen XP and NetMeeting
The big scary-looking range of ports (1024-65535) are outbound UDP ports, which is a very common requirement. A lot of firewalls allow this by default because it can be (sometimes incorrectly) assumed that a connection originating from behind the firewall going out to the internet should be allowed.
Are you sure??? From my expiriences more than half of the danger come from inside a network! Think of trojans, bad employees and so on. It is not a good idea to open a lot of ports. Maybe you can use the H.323 support of netscreen? Robert -- http://board.protecus.de - Firewalls, Security and more ...
Current thread:
- RE: NetScreen XP and NetMeeting Sarbjit Singh Gill (Dec 12)
- Re: NetScreen XP and NetMeeting Igor D. Spivak (Dec 13)
- RE: NetScreen XP and NetMeeting HOULE, FRANCIS (Dec 13)
- RE: NetScreen XP and NetMeeting Sarbjit Singh Gill (Dec 16)
- <Possible follow-ups>
- RE: NetScreen XP and NetMeeting Murat_Korkmaz (Dec 12)
- RE: NetScreen XP and NetMeeting Gunn, Jeff (Dec 13)
- RE: NetScreen XP and NetMeeting Sarbjit Singh Gill (Dec 16)
- AW: NetScreen XP and NetMeeting Robert Sieber (Dec 16)
- RE: NetScreen XP and NetMeeting Gunn, Jeff (Dec 16)
- RE: NetScreen XP and NetMeeting Brian Bruns (Dec 17)
- RE: NetScreen XP and NetMeeting Sarbjit Singh Gill (Dec 18)