AW: Open All Outbound Ports?

["Robert Sieber" <rsieber () web de>]

> From my point of view there will be a big lack of security if you open all
outbound ports. Every application would have full access to the internet
- do you really want it?

More then 50% of all security risks are base insinde your network. So it
is very important to have an strict policy for outbound applications! You
should review all requests very carfully! Verify if there is a real need
to open this ports - all open ports could be used by other "unfriendly"
programs!

Robert

--
http://board.protecus.de - Firewalls, Security and more ...




-----Ursprungliche Nachricht-----
Von: security-basics-return-15832-rsieber=web.de () securityfocus com
[mailto:security-basics-return-15832-rsieber=web.de () securityfocus com]Im
Auftrag von tony tony
Gesendet: Freitag, 8. November 2002 02:34
An: security-basics () securityfocus com
Betreff: Open All Outbound Ports?


Hi,

Our firewall group has came to me several times over the last few months
wanting my approval to open all of the OUTBOUND ports on our firewall
facing
the internet.  Their argument is that this would not significantly reduce
our
security and it will reduce their time/effort in administration.  They claim
they get several requests a week to open up out bound ports and the number
keeps growing each month. They want to go for the gustoand open up all
65,000+
outbound ports.

I am in the security area and they want my agreement/sign off before they do
this.  It just does not feel/smell right but I am losing ground with my
arguments.  What are some good arguments I can use?

Tony


__________________________________________________
Do you Yahoo!?
U2 on LAUNCH - Exclusive greatest hits videos
http://launch.yahoo.com/u2