Security Basics mailing list archives
Re: Open All Outbound Ports?
From: "James Lee Gromoll" <jgromoll () hotmail com>
Date: Thu, 14 Nov 2002 09:34:41 -0800
Wow! When I first read this I thought, "Gee, what kind of drugs is his firewall group on?" then I found the whole point of this.....
++++ I am in the security area and they want my agreement/sign off before they do this. ++++
They are obviously looking for a fall guy. Feel like a chump? In all honesty, you might and probably should be pissed off that they even considered this. The flood of peer to peer proggies not to mention the IM crap and everything else associated with doing that is silly. They're firewall guys; do the homework and figure out what's going on; block what needs blocking and open what needs open for your business.
jim
From: David Weinberg <weinberg () bigpond net au>To: 'tony tony' <tonytorri () yahoo com>,security-basics () securityfocus com, tonytorri () yahoo comSubject: Re: Open All Outbound Ports? Date: Tue, 12 Nov 2002 10:36:51 +1100 Opening all outbound ports will also alow peer-peer programs (like Kazza, Napster etc) and Spyware which will consume *most* of your bandwidth. So asside from the obvious security risks (tojans etc), you can also watch your bandwidth go down, down, down. Unless ofcourse, you work for an ISP/Telco ;) > > Hi, > > > > Our firewall group has came to me several times over the last > few months > > wanting my approval to open all of the ?OUTBOUND? ports on our > firewall facing > > the internet. Their argument is that this would not > significantly reduce our > > security and it will reduce their time/effort in administration. > They claim > > they get several requests a week to open up out bound ports and > the number > > keeps growing each month. They want to go for the gusto?and open > up all 65,000+ > > outbound ports. > > > > I am in the security area and they want my agreement/sign off > before they do > > this. It just does not ?feel/smell right? but I am losing > ground with my > > arguments. What are some good arguments I can use? > > > > Tony > > > > > > __________________________________________________ > > Do you Yahoo!? > > U2 on LAUNCH - Exclusive greatest hits videos > > http://launch.yahoo.com/u2 >
_________________________________________________________________The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
Current thread:
- Re: Open All Outbound Ports?, (continued)
- Re: Open All Outbound Ports? m2dzus (Nov 11)
- Re: Open All Outbound Ports? James Butcher (Nov 12)
- Re: Open All Outbound Ports? mitch_latham (Nov 11)
- Re: Open All Outbound Ports? Chris Berry (Nov 12)
- RE: Open All Outbound Ports? Chris Alliey (Nov 15)
- RE: Open All Outbound Ports? Mark Merchant (Nov 18)
- RE: Open All Outbound Ports? G. Class (Nov 21)
- Message not available
- RE: Open All Outbound Ports? Mark Merchant (Nov 22)
- RE: Open All Outbound Ports? Chris Alliey (Nov 15)
- Re: Open All Outbound Ports? m2dzus (Nov 11)