Firewall Wizards mailing list archives

Re: Benefit of firewall over NAT-only 'protected' network


From: Paul Robertson <proberts () patriot net>
Date: Wed, 28 May 2003 09:05:30 -0400 (EDT)

On Wed, 28 May 2003 ark () eltex net wrote:

> nuqneH,
>
> What's wrong with irc? It is a good communication tool.

It's a great communication tool; however, as I stated, it's the #1 control 
vector for trojaned machines.  Since 99% of the example I used, small 
offices, don't have *any business reason* to do IRC, it's perfectly 
legitimate to block it for those users by default.  

> Even "out of the box" irc is not more insecure than widely-used ICQ.
> I even encourage users to use a corporate IRC server as a generic
> messaging tool. It is far better than using ICQ (with Mirabilis servers
> usually!) as _really many_ companies that have no IM system of their own do.

It's not about IRC as an attack vector, it's about IRC as a control vector 
and the small number of people who have a business case to use it from 
work.  I use IRC, and I even use IRC from work- but I don't go out via 
6667 from the office directly.  In fact, most large companies would do 
well to block and log outbound TCP 6667; some of the largest botnets I've 
seen have been on sites that allow all TCP outbound.  I don't know about 
you, but I'd really rather not see people try to clean up an internal worm 
infection, deal with child pornography on what could be business-critical 
servers, and have RIAA/MPAA filing suits left and right because they let 
out a port that _they_neither_need_,_nor_use.  

Regards,

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
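
The "block and log outbound TCP 6667" practice from the message above, as an added example that is not part of the original post: a short Python pass over the firewall's drop log that lists which internal hosts tried to reach external hosts on 6667. The log lines are constructed and abbreviated netfilter LOG entries; the `EGRESS-DROP` prefix and the 192.168.0.0/16 office range are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed, abbreviated sample lines in Linux netfilter LOG format.
# "EGRESS-DROP" is an assumed --log-prefix; 192.168.0.0/16 an assumed office range.
SAMPLE_LOG = """\
May 28 09:01:02 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP SPT=1031 DPT=6667 SYN
May 28 09:01:09 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.9 PROTO=TCP SPT=1032 DPT=6667 SYN
May 28 09:01:40 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP SPT=1033 DPT=6667 SYN
May 28 09:02:11 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.5 PROTO=TCP SPT=2210 DPT=6667 SYN
May 28 09:02:30 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.51 DST=198.51.100.20 PROTO=TCP SPT=3300 DPT=25 SYN
May 28 09:03:05 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.60 DST=203.0.113.5 PROTO=UDP SPT=4000 DPT=6667
May 28 09:03:30 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1. DST=203.0.113.5 PROTO=TCP SPT=4100 DPT=6667 SYN
"""

INTERNAL = ipaddress.ip_network("192.168.0.0/16")
PREFIX = "EGRESS-DROP"
FIELD = re.compile(r"(\w+)=(\S+)")  # KEY=value pairs of a LOG line


def irc_egress_attempts(log_text, port=6667):
    """Map each internal source IP to the external hosts it tried on TCP `port`."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        if PREFIX not in line:
            continue
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != str(port):
            continue
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # truncated or malformed log line
        if src in INTERNAL and dst not in INTERNAL:
            hits[str(src)].add(str(dst))
    return dict(hits)


def report(log_text):
    """Hosts to inspect first: most distinct destinations, then by address."""
    hits = irc_egress_attempts(log_text)
    return sorted(((h, len(d)) for h, d in hits.items()), key=lambda x: (-x[1], x[0]))


if __name__ == "__main__":
    for host, n in report(SAMPLE_LOG):
        print(f"{host}: blocked outbound TCP/6667 to {n} destination(s)")
```
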
