Firewall Wizards mailing list archives
Re: Permissive Firewall Policy
From: "Fetch, Brandon" <BFetch () texpac com>
Date: Fri, 22 Sep 2006 17:23:32 -0400
New or not, this is a place for questions. Here goes...

There's not really a list of the "bad" ports/protocols but more accurately a list of ports/protocols that your company needs to use. Best option would be to create an outbound ACL with a "permit ip any any log" and then analyze your log results after a few days/weeks to determine the extent of ports that are used across your firewall if you don't know that already.

Caveat with this option: if you're running a large volume of outbound traffic you could choke your firewall with logging everything outbound like that, so be prudent with the level of logging you choose.

Based upon your analysis you should be able to come up with a nice list of ports/protocols that are needed/in use by your installation and can then begin whittling down the list to the bare essentials while denying the rest without impacting overall operations of the company.

HTH,
Brandon

________________________________

From: firewall-wizards-bounces () listserv icsalabs com [mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of Kevin Hinze
Sent: Thursday, September 21, 2006 10:45 AM
To: firewall-wizards () listserv icsalabs com
Subject: [fw-wiz] Permissive Firewall Policy

New to the list, so hope this has not already been covered numerous times.

I have been asked to move from a restrictive policy, where only allowed/permitted ports are allowed through the firewall, to a permissive policy of denying known "bad" ports/protocols and allowing all else. Does anyone have lists, bookmarks or the like to show a list of known "bad" ports? I believe this is a bad idea but need some information to prove how difficult it will be to manage.

Thanks in advance,
Kevin Hinze

--
Good judgment comes with experience. Unfortunately, the experience usually comes from bad judgment.

___________________________________________________________________
Kevin Hinze mailto:kevin.hinze () navigators org
Intranet Systems Engineer
The Navigators
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
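The "log everything outbound, then tally what is actually used" approach Brandon describes is easy to automate. The script below is an added example, not code from either poster: it parses a handful of constructed firewall log lines (the `permitted proto src -> dst:port` format is an assumption; a real firewall's syslog will differ, so the regex is the part to adapt), counts hits and distinct internal hosts per protocol/destination port, and splits the result into allow-list candidates and single-host services that deserve a look before the default becomes deny.

```python
"""Summarise outbound firewall log lines by protocol and destination port.

Added example for the "permit ip any any log" approach described in the
thread: log everything outbound for a while, then tally what is actually
used so a restrictive allow-list can be built from real traffic.
The log format below is an assumption (a generic syslog-style line with
proto, src, dst and dport fields); adapt LINE_RE to the firewall in use.
"""
import re
from collections import Counter, defaultdict

# Constructed sample lines, not taken from any real firewall.
SAMPLE_LOG = """\
Sep 22 09:01:12 fw1 ACL outbound permitted tcp 10.1.2.15:51012 -> 203.0.113.10:443
Sep 22 09:01:13 fw1 ACL outbound permitted tcp 10.1.2.15:51013 -> 203.0.113.10:443
Sep 22 09:01:15 fw1 ACL outbound permitted udp 10.1.2.15:40211 -> 198.51.100.53:53
Sep 22 09:02:01 fw1 ACL outbound permitted tcp 10.1.3.7:49876 -> 203.0.113.44:80
Sep 22 09:02:03 fw1 ACL outbound permitted tcp 10.1.3.7:49877 -> 203.0.113.44:443
Sep 22 09:03:30 fw1 ACL outbound permitted tcp 10.1.4.9:55000 -> 192.0.2.200:6667
Sep 22 09:03:31 fw1 ACL outbound permitted udp 10.1.2.15:40212 -> 198.51.100.53:53
Sep 22 09:04:00 fw1 ACL outbound permitted icmp 10.1.2.15 -> 203.0.113.10
malformed line that should be skipped
"""

# Assumed log layout; ports are optional so ICMP lines still parse.
LINE_RE = re.compile(
    r"permitted (?P<proto>tcp|udp|icmp) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))? -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?"
)


def parse_line(line):
    """Return (proto, dport, src) for a matching line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    dport = int(m["dport"]) if m["dport"] else None
    return m["proto"], dport, m["src"]


def summarise(log_text):
    """Count hits and distinct internal sources per (proto, dport)."""
    hits = Counter()
    sources = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # unparseable line: skip rather than abort the run
        proto, dport, src = parsed
        key = (proto, dport)
        hits[key] += 1
        sources[key].add(src)
    return hits, sources


def candidate_allow_list(hits, sources, min_hosts=2):
    """Services used by at least min_hosts internal hosts are allow-list
    candidates; the rest are flagged for review before being denied.
    Each entry is ((proto, dport), hit_count, host_count), busiest first."""
    keep, review = [], []
    for key, n in sorted(hits.items(), key=lambda kv: -kv[1]):
        entry = (key, n, len(sources[key]))
        (keep if len(sources[key]) >= min_hosts else review).append(entry)
    return keep, review


def fmt(key):
    """Render a (proto, dport) key as 'tcp/443' or just 'icmp'."""
    proto, dport = key
    return proto if dport is None else f"{proto}/{dport}"


if __name__ == "__main__":
    hits, sources = summarise(SAMPLE_LOG)
    keep, review = candidate_allow_list(hits, sources)
    print("Allow-list candidates (proto/port, hits, hosts):")
    for key, n, h in keep:
        print(f"  {fmt(key):<10} {n:>5} {h:>3}")
    print("Single-host services to review before denying:")
    for key, n, h in review:
        print(f"  {fmt(key):<10} {n:>5} {h:>3}")
```

The `min_hosts` threshold is the knob that matters: a service every desktop uses (here tcp/443) is clearly needed, while something only one host talks to (tcp/6667 from a single address in the sample) is exactly what the review pass should surface before the rest is denied. Run it against a few days of real logs rather than the sample, and, per Brandon's caveat, keep an eye on log volume while the permit-and-log rule is in place.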
Current thread:
- Permissive Firewall Policy Kevin Hinze (Sep 22)
- Re: Permissive Firewall Policy Marcus J. Ranum (Sep 23)
- Re: Permissive Firewall Policy ArkanoiD (Sep 23)
- Re: Permissive Firewall Policy Scott C. Kennedy (Sep 23)
- Re: Permissive Firewall Policy Anton Chuvakin (Sep 25)
- Re: Permissive Firewall Policy J. Oquendo (Sep 25)
- Re: Permissive Firewall Policy Kevin (Sep 23)
- Re: Permissive Firewall Policy Devdas Bhagat (Sep 23)
- Re: Permissive Firewall Policy Tim Shea (Sep 23)
- <Possible follow-ups>
- Re: Permissive Firewall Policy Fetch, Brandon (Sep 23)
- Re: Permissive Firewall Policy Marcus J. Ranum (Sep 23)