Educause Security Discussion mailing list archives
Re: Firewall Upgrade
From: Mike Osterman <ostermmg () WHITMAN EDU>
Date: Fri, 14 Feb 2014 12:07:57 -0800
Randy--I think there was a misunderstanding. The thread was (meant to be) about blocking of inbound SMTP, which some of us had some technical concerns about, specifically with regard to the Palo Alto implementation. The scenario would be to keep something like CryptoLocker from ever reaching your users.

On Feb 14, 2014, at 11:50 AM, randy <marchany () VT EDU> wrote:
I know this is a silly question but from what I'm reading on this thread, we're talking about putting an SMTP block on ALL outbound email? I hope that's not the case because that doesn't make any sense. How do you distinguish between legit and bad outbound traffic?

IMHO, the only value a FW has these days is to block unsolicited inbound connections. Using a combo of devices like PA, FireEye (my favorite), Stonesoft, Snort, etc. in combo with subscribing to some sort of threat intelligence services (FireEye, SecureWorks, etc.) to monitor outbound traffic is more effective. SMTP servers are embedded in all sorts of devices ranging from printers, copiers and scanners.

Effective patch mgt solutions like BigFix etc. are proving to be more effective in halting malware infections that manage to make it past the IDS/IPS sensors. Yes, the malware got loaded on the target but it needs to exploit a hole in a software component and if that hole was patched effectively, the net result is the machine wasn't compromised.

Blocking the outbound communication to a controller is key. It's hard but the technology is getting better. Network Security Monitoring aka Continuous Monitoring of outbound traffic seems to be the more effective solution.

-Randy Marchany
VA Tech IT Security Office and Lab.