Educause Security Discussion mailing list archives
Re: Inbound Default Deny Policy at Internet Border
From: "Brawner, David" <dbrawner () MARYVILLE EDU>
Date: Mon, 16 May 2005 08:35:03 -0500
At Maryville University of St. Louis, we have had a default deny policy in place both inbound and outbound for more than 2 years. It has saved our skins more than once. We occasionally have an application that requires us to investigate and open a port, but they are few and far between after the first 3-4 weeks of use. I know that I sleep well with the policy in place, and we have not had a single warning from our ISP about any of our addresses port scanning, spreading viruses, causing DDOS attacks, or "being a bad Internet neighbor". The policy also makes it that much harder for spyware and viruses to spread onto our campus through our Internet connection. The political fallout was short-lived. We had a handful of urgent requests at the beginning (again, within the first 3-4 weeks) and then things settled down and have run smoothly. Obviously, I would encourage you to go forward with a default deny policy. Good luck! David S. Brawner Manager of Network & User Services Maryville University of Saint Louis -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Flynn Sent: Friday, May 13, 2005 2:54 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Inbound Default Deny Policy at Internet Border We're looking at implementing a default deny inbound policy at our Internet border this summer. Anyone have any concerns or experiences they would like to share? -- Gary Flynn Security Engineer James Madison University ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Inbound Default Deny Policy at Internet Border Gary Flynn (May 13)
- <Possible follow-ups>
- Re: Inbound Default Deny Policy at Internet Border Daniel Adinolfi (May 13)
- Re: Inbound Default Deny Policy at Internet Border Scholz, Greg (May 13)
- Re: Inbound Default Deny Policy at Internet Border Daniel Adinolfi (May 13)
- Re: Inbound Default Deny Policy at Internet Border Valdis Kletnieks (May 13)
- Re: Inbound Default Deny Policy at Internet Border Gary Flynn (May 13)
- Re: Inbound Default Deny Policy at Internet Border Daniel Medina (May 13)
- Re: Inbound Default Deny Policy at Internet Border stanislav shalunov (May 15)
- Re: Inbound Default Deny Policy at Internet Border Jeffrey I. Schiller (May 15)
- Re: Inbound Default Deny Policy at Internet Border Michael Sinatra (May 15)
- Re: Inbound Default Deny Policy at Internet Border Brawner, David (May 16)
- Re: Inbound Default Deny Policy at Internet Border Gary Flynn (May 16)
- Re: Inbound Default Deny Policy at Internet Border Gary Flynn (May 16)
- Re: Inbound Default Deny Policy at Internet Border Gary Flynn (May 16)
- Re: Inbound Default Deny Policy at Internet Border Graham Toal (May 16)
- Re: Inbound Default Deny Policy at Internet Border John Kristoff (May 16)
- Re: Inbound Default Deny Policy at Internet Border Eric Pancer (May 16)
- Re: Inbound Default Deny Policy at Internet Border Cal Frye (May 16)
- Re: Inbound Default Deny Policy at Internet Border Michael Sinatra (May 16)
- Re: Inbound Default Deny Policy at Internet Border stanislav shalunov (May 16)
- Re: Inbound Default Deny Policy at Internet Border Valdis Kletnieks (May 16)
(Thread continues...)