Educause Security Discussion mailing list archives

Re: Firewall - Outbound Ports


From: Roger Safian <r-safian () NORTHWESTERN EDU>
Date: Tue, 29 Jan 2008 11:14:47 -0600

At 10:48 AM 1/29/2008, Michael Hornung put fingers to keyboard and wrote:
If you're attempting to block certain activities, not just ports for their
own sake -- I mean, what's wrong with the number 445 anyway? -- it would
seem more effective to use layer7 packet filtering or shaping to
accomplish your goals.  Firewalling at layers 3/4 only encourages a place
we don't want to be, the port 80 Internet.

I think it depends on many factors, including your goals and objectives,
resources (especially financial and people), and the amount of traffic
you have to deal with.  I suspect that in an ideal world, a multi-layer
approach would be best.  That being said, filters at layers 3/4 are cheap
and can be effective against certain attacks, but they do have their
limits.  A proper risk assessment will help solidify what mitigation
processes will be effective in your organization.


--
Roger A. Safian
r-safian () northwestern edu (email) public key available on many key servers.
(847) 491-4058   (voice)
(847) 467-6500   (Fax) "You're never too old to have a great childhood!"
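The trade-off the two posters are debating, as an added example that is not from either of them: a toy layer-3/4 port filter beside a layer-7 payload classifier, run over constructed flows on the ports the thread mentions. The egress policy, the protocol signatures and the sample payloads are all assumptions.

```python
"""Added example (not from the original thread): a toy layer-3/4 port filter
beside a layer-7 payload classifier, run over constructed flows on the ports
the thread mentions (80, 443, 445)."""
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    dst_port: int
    payload: bytes  # first bytes the client sent (constructed)

ALLOWED_PORTS = {80, 443}                 # hypothetical egress policy
EXPECTED_PROTOCOL = {80: "http", 443: "tls"}
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|PATCH) \S+ HTTP/1\.[01]\r\n")

def l34_decision(flow: Flow) -> str:
    """Layer 3/4: the destination port is the only input."""
    return "allow" if flow.dst_port in ALLOWED_PORTS else "block"

def classify_l7(payload: bytes) -> str:
    """Layer 7: name the protocol from the leading payload bytes."""
    if HTTP_REQUEST_LINE.match(payload):
        return "http"
    if payload[:2] == b"\x16\x03":                 # TLS handshake record
        return "tls"
    if payload[4:8] in (b"\xffSMB", b"\xfeSMB"):   # SMB1/SMB2 after NetBIOS header
        return "smb"
    return "unknown"

def l7_decision(flow: Flow) -> str:
    """Allow only when the payload is the protocol the port is meant to carry;
    anything else on an open port is a mismatch worth blocking and logging."""
    return "allow" if EXPECTED_PROTOCOL.get(flow.dst_port) == classify_l7(flow.payload) else "block"

def compare(flows):
    """Return (port, protocol, layer-3/4 verdict, layer-7 verdict) per flow."""
    return [(f.dst_port, classify_l7(f.payload), l34_decision(f), l7_decision(f)) for f in flows]

SAMPLE_FLOWS = [  # constructed, not captured traffic
    Flow(80, b"GET / HTTP/1.1\r\nHost: www.example.edu\r\n\r\n"),
    Flow(443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    Flow(445, b"\x00\x00\x00\x55\xffSMBr\x00\x00\x00\x00"),
    Flow(80, b"\x00\x00\x00\x55\xffSMBr\x00\x00\x00\x00"),  # SMB carried on port 80
]

if __name__ == "__main__":
    for row in compare(SAMPLE_FLOWS):
        print("port %-4d %-8s L3/4=%-5s L7=%s" % row)
```

The last flow is the point of the comparison: the port filter passes it because 80 is open, while the payload check flags the mismatch, which is what the cheap layer-3/4 rule cannot see on its own.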
