Security Basics mailing list archives
Re: Unrestricted Outbound Web Server Access Opinion
From: Diego Kellner <dkepler () gmail com>
Date: Wed, 4 May 2005 09:25:29 -0300
Paul, the main problem with unrestricted outbound access is the one you mention. Once the security of the server is compromised, it is easier to transfer data from/to the server. It is not impossible if you restrict traffic to port 80; it makes it harder for the script kiddies.

It is a good policy to have both inbound as well as outbound traffic restricted, and it's one of the things that's usually neglected in some firewall solutions, such as PIX, where rules (access lists) are applied to inbound traffic only in the outside interface.

The real question, however, is why is it that they need unrestricted outbound access?

Regards,
Kepler

On 5/3/05, Paul Guibord <pguibord () tngtech net> wrote:
Hello All,

Someone within our company wants our Internet facing web servers to have unrestricted outbound access. Port 80 is the only port permitted from the outside coming in. I need the experts' opinion why we do not want to permit this PLEASE.

Two things I could think of are if the web servers were compromised, then the hacker would have the ability to offload any data they want. Another being if they were infected with a worm they would bring down the Internet T1 in their attempt to find other devices to infect.

Thanks in advance for everyone's input.

Paul
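Added example, not part of the original thread: a small Python model of the policy discussed above, where a web server answers inbound port 80 sessions but may only start outbound connections to an explicit allowlist. The addresses, the allowlist entries and the names `classify`, `EGRESS_ALLOW` and `SAMPLE_FLOWS` are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

WEB_SERVER = ip_address("192.0.2.10")  # constructed address (documentation range)
# Hypothetical egress allowlist: (destination network, protocol, port).
EGRESS_ALLOW = [
    (ip_network("192.0.2.53/32"), "udp", 53),    # assumed internal DNS resolver
    (ip_network("192.0.2.80/32"), "tcp", 3128),  # assumed patch/update proxy
]

# Constructed flows: (src, sport, dst, dport, proto), in the order observed.
SAMPLE_FLOWS = [
    ("198.51.100.7", 40001, "192.0.2.10", 80, "tcp"),   # client request
    ("192.0.2.10", 80, "198.51.100.7", 40001, "tcp"),   # reply to that client
    ("192.0.2.10", 51000, "192.0.2.53", 53, "udp"),     # DNS lookup
    ("192.0.2.10", 51001, "203.0.113.9", 80, "tcp"),    # server-initiated web
    ("192.0.2.10", 51002, "203.0.113.9", 6667, "tcp"),  # server-initiated other
    ("192.0.2.10", 80, "203.0.113.50", 40002, "tcp"),   # sport 80, no session
]

def classify(flows):
    """Return one verdict per flow, tracking sessions like a stateful firewall."""
    sessions = set()  # (client_ip, client_port) of accepted inbound connections
    verdicts = []
    for src, sport, dst, dport, proto in flows:
        src_ip, dst_ip = ip_address(src), ip_address(dst)
        if dst_ip == WEB_SERVER:
            if proto == "tcp" and dport == 80:
                sessions.add((src_ip, sport))
                verdicts.append("allow-inbound")
            else:
                verdicts.append("deny-inbound")
        elif src_ip == WEB_SERVER:
            if proto == "tcp" and sport == 80 and (dst_ip, dport) in sessions:
                verdicts.append("allow-reply")  # answer on an existing session
            elif any(dst_ip in net and proto == p and dport == port
                     for net, p, port in EGRESS_ALLOW):
                verdicts.append("allow-egress")
            else:
                verdicts.append("deny-egress")  # new outbound, not allowlisted
        else:
            verdicts.append("ignore")
    return verdicts

if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE_FLOWS, classify(SAMPLE_FLOWS)):
        print(verdict, flow)
```

The last sample flow is denied even though its source port is 80, because no inbound session from that client exists; a rule that only matched on source port would have passed it.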