Security Basics mailing list archives

RE: SMTP behind NAT


From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 6 May 2009 12:44:58 -0700

-----Original Message-----
From: Murda Mcloud [mailto:murdamcloud () bigpond com] 
Sent: Tuesday, May 05, 2009 5:51 PM
To: 'Georg Pichler'
Cc: security-basics () securityfocus com
Subject: RE: SMTP behind NAT

<snip>

Well, if it were my network then I would also want to 
control, filter and monitor egress as well as ingress. But 
then I have become more paranoid in my old age. Even at home 
I do that - I filter both ingoing and outgoing.
One reason being that I want to make sure that if Trojans etc 
are active in my network then I have a greater chance of 
noticing and taking appropriate action. I guess at heart I'm 
a 'default deny' type of guy.

  Egress filtering is part of being a "good netizen".  If something 
that doesn't belong has gotten into your network, it's nice to not
be the vector that spreads it to others.

  Also, an awful lot of malware will get into even a well-secured 
network (and dorm networks are often held to a lower standard than 
that...) by a wide variety of usually legitimate routes -- http,
https, carried in on a device that got infected elsewhere...
Blocking all of these ingresses is rarely practical, but catching
the malware at egress (phoning home, dishing out spam, etc) is
often very effective at finding only the bad guys and not constantly
throwing false positives or blocking legitimate activity.

David Gillett
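
[Added example, not part of the original message.] One way to apply the egress check described above to the "dishing out spam" case: flag internal hosts that open outbound SMTP connections directly instead of going through the mail relay. The address range, the relay address and the log format are assumptions made for this sketch, and the log lines are constructed.

```python
import ipaddress
from collections import Counter

# Assumptions for this sketch (not from the thread): internal range,
# the one host allowed to send mail out, and the log line layout.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
MAIL_RELAY = ipaddress.ip_address("10.0.0.25")
SMTP_PORTS = {25}

# Constructed sample firewall log: "<time> <src_ip> <dst_ip> <dst_port>"
SAMPLE_LOG = """\
12:00:01 10.0.0.25 203.0.113.10 25
12:00:02 10.0.4.17 198.51.100.7 25
12:00:02 10.0.4.17 198.51.100.8 25
12:00:03 10.0.4.17 192.0.2.55 25
12:00:04 10.0.9.3 203.0.113.80 443
12:00:05 10.0.9.3 10.0.0.25 25
garbage line
"""

def direct_smtp_senders(log_text):
    """Count outbound port-25 connections per internal host, excluding the relay."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than abort the scan
        try:
            src = ipaddress.ip_address(fields[1])
            dst = ipaddress.ip_address(fields[2])
            port = int(fields[3])
        except ValueError:
            continue
        # Only traffic leaving the network counts as egress; mail handed
        # to the internal relay (10.0.9.3 above) is the legitimate path.
        outbound = src in INTERNAL and dst not in INTERNAL
        if outbound and port in SMTP_PORTS and src != MAIL_RELAY:
            hits[str(src)] += 1
    return hits

if __name__ == "__main__":
    for host, n in direct_smtp_senders(SAMPLE_LOG).most_common():
        print(f"{host}: {n} direct outbound SMTP connections (expected 0)")
```

Under a default-deny egress policy these connections would be dropped as well as logged, so any nonzero count identifies a host worth inspecting.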

