Security Basics mailing list archives
Re: Open All Outbound Ports?
From: Jens Rantil <jens.rantil () telia com>
Date: Sat, 9 Nov 2002 12:24:16 +0100
Hi Tony, Running your server with all outbound ports open is NOT secure. Even if the administrators claim they know all the applications using the ports they will never, for example, know when there is a trojan horse lying and waiting för an inbound connection...firewalling is a way to control which services which are open to the net and if they choose to let the internet itself control what the machine is doing, sure it's their decision (but it's stupid) but it is VERY insecure. /Jens On Thu, 7 Nov 2002 17:33:52 -0800 (PST) tony tony <tonytorri () yahoo com> wrote:
Hi, Our firewall group has came to me several times over the last few months wanting my approval to open all of the _OUTBOUND_ ports on our firewall facing the internet. Their argument is that this would not significantly reduce our security and it will reduce their time/effort in administration. They claim they get several requests a week to open up out bound ports and the number keeps growing each month. They want to go for the gusto_and open up all 65,000+ outbound ports. I am in the security area and they want my agreement/sign off before they do this. It just does not _feel/smell right_ but I am losing ground with my arguments. What are some good arguments I can use? Tony __________________________________________________ Do you Yahoo!? U2 on LAUNCH - Exclusive greatest hits videos http://launch.yahoo.com/u2
Attachment:
_bin
Description:
Current thread:
- Open All Outbound Ports? tony tony (Nov 08)
- RE: Open All Outbound Ports? Bill Lavalette (Nov 09)
- Re: Open All Outbound Ports? Meritt James (Nov 12)
- Re: Open All Outbound Ports? Sumit Dhar (Nov 13)
- Re: Open All Outbound Ports? Meritt James (Nov 12)
- Re: Open All Outbound Ports? Jens Rantil (Nov 09)
- Re: Open All Outbound Ports? Vince Hillier (Nov 11)
- RE: Open All Outbound Ports? Clint Harris (Nov 12)
- AW: Open All Outbound Ports? Robert Sieber (Nov 13)
- <Possible follow-ups>
- RE: Open All Outbound Ports? Garbrecht, Frederick (Nov 11)
- RE: Open All Outbound Ports? Naveed Ahmed (Nov 12)
- Re: Open All Outbound Ports? m2dzus (Nov 11)
- Re: Open All Outbound Ports? James Butcher (Nov 12)
- Re: Open All Outbound Ports? mitch_latham (Nov 11)
- Re: Open All Outbound Ports? Chris Berry (Nov 12)
- RE: Open All Outbound Ports? Chris Alliey (Nov 15)
(Thread continues...)
- RE: Open All Outbound Ports? Bill Lavalette (Nov 09)