Educause Security Discussion mailing list archives
Re: Firewall - Outbound Ports
From: Roger Safian <r-safian () NORTHWESTERN EDU>
Date: Tue, 29 Jan 2008 11:14:47 -0600
At 10:48 AM 1/29/2008, Michael Hornung put fingers to keyboard and wrote:
If you're attempting to block certain activities, not just ports for their own sake -- I mean, what's wrong with the number 445 anyway? -- it would seem more effective to use layer7 packet filtering or shaping to accomplish your goals. Firewalling at layers 3/4 only encourages a place we don't want to be, the port 80 Internet.
I think it depends on many factors, including your goals and objectives, resources (especially financial and people), and the amount of traffic you have to deal with. I suspect that in an ideal world, a multi-layer approach would be best. That being said, filters at layers 3/4 are cheap and can be effective against certain attacks, but they do have their limits. A proper risk assessment will help solidify what mitigation processes will be effective in your organization.
--
Roger A. Safian
r-safian () northwestern edu (email) public key available on many key servers.
(847) 491-4058 (voice)
(847) 467-6500 (Fax)
"You're never too old to have a great childhood!"