Security Basics mailing list archives
Re: Firewall setup
From: Sebastian Schneider <ses () straightliners de>
Date: Tue, 16 Sep 2003 01:33:53 +0200
Hey Gaz,

usually you do it the other way 'round, that is, by allowing the sort of traffic that fits your needs and requirements. Depending on what you do and which services you use, the ports 25 (smtp), 53 (nameserver), 80 (http), 110 (pop3) and 443 (https) are common. Please take account of the sources and destinations, since rules and filters may depend on that.

When talking about "return connections" (so-called related and established traffic), I suppose you're talking about stateful firewalls like iptables. There are different kinds of firewall technologies (packet filters, stateful firewalls and proxy firewalls, or combinations of these), so your setup will differ depending on the type chosen. However, the default policy should be deny or drop, depending on the software chosen. Thus just allowed traffic will traverse your firewall and everything else will be dropped. I guess this is what's crossing your mind when talking about a proactive approach.

If you're about to connect more than one workstation or server to the internet, you'll need to use NAT (sometimes called PAT).

As you say, you don't want to block all outgoing traffic, which is an easy-to-use but not secure way. You can adapt that to your firewall when defining the filters: something like block all outgoing broadcasts, and traffic with a source OR destination port of 135-139 or 445. If you're running MacOS based computers within your environment, you should drop afs (Apple file sharing) traffic as well. Your appropriate incoming ruleset will just allow new connections to well-defined services or already related or established traffic.

Kindest Regards,
Sebastian

On Monday 15 September 2003 17:33, Gaz Wilson wrote:
> Hi all,
>
> I'm about to get *DSL in my village, and I am going to want to operate a firewall naturally. I know about blocking all incoming ports bar any service I want to run and "return connections", but with the increase in worms et al flying around (mixed network, UNIX and Windows (prob 2k)), it strikes me that being a bit more proactive and blocking certain outgoing ports would be a good idea.
>
> I don't need any MS based traffic leaving the private network, so I wanted to ask the specialists, you lot, what your opinions are of what would be a fairly secure set of ports to block to help stop info leakage etc? (I don't want to block all outgoing except for known services though, as the uses of the boxes on the network may vary and I don't want to have to reconfig the firewall quite that often :) )
>
> TIA
> Gaz
- --
Sebastian Schneider
straightLiners IT Consulting & Services
Metzer Str. 12
13595 Berlin
Germany
Fon: +49-30-3510-6168
Fax: +49-30-3510-6169
www.straightliners.de
Current thread:
- Firewall setup Gaz Wilson (Sep 15)
- Re: Firewall setup Sebastian Schneider (Sep 16)
- Re: Firewall setup irado furioso com tudo (Sep 16)