Firewall Wizards mailing list archives

Re: Permissive Firewall Policy


From: "Fetch, Brandon" <BFetch () texpac com>
Date: Fri, 22 Sep 2006 17:23:32 -0400

New or not, this is a place for questions. Here goes...


There's not really a list of the "bad" ports/protocols but more
accurately a list of ports/protocols that your company needs to use.

Best option would be to create an outbound ACL with a "permit ip any any
log" and then analyze your log results after a few days/weeks to
determine the extent of ports that are used across your firewall if you
don't know that already.

Caveat with this option: if you're running a large volume of outbound
traffic you could choke your firewall with logging everything outbound
like that so be prudent with the level of logging you choose.


Based upon your analysis you should be able to come up with a nice list
of ports/protocols that are needed/in use by your installation and can
then begin whittling down the list to the bare essentials while denying
the rest without impacting overall operations of the company.


HTH,

Brandon
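A worked version of the log-driven approach above, added here as an example and not code from the reply: it tallies the destination ports seen on a logged "permit ip any any" ACE and emits a tightened ACL from the result. It assumes Cisco IOS-style `%SEC-6-IPACCESSLOGP` syslog lines (the ACL name OUTBOUND and the sample lines are constructed), and a packet threshold below which a service is left out for manual review rather than permitted automatically.

```python
import re
from collections import Counter

# Matches the IOS "%SEC-6-IPACCESSLOGP" line that a TCP/UDP ACE with the "log"
# keyword produces (format assumed; adjust the pattern for other platforms).
LOG_RE = re.compile(
    r"IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packet"
)

# Constructed sample log lines standing in for a few days of collected syslog.
SAMPLE_LOG = """\
%SEC-6-IPACCESSLOGP: list OUTBOUND permitted tcp 10.1.2.3(51234) -> 203.0.113.7(443), 120 packets
%SEC-6-IPACCESSLOGP: list OUTBOUND permitted tcp 10.1.2.9(40012) -> 203.0.113.8(80), 75 packets
%SEC-6-IPACCESSLOGP: list OUTBOUND permitted udp 10.1.2.3(53011) -> 198.51.100.2(53), 40 packets
%SEC-6-IPACCESSLOGP: list OUTBOUND permitted tcp 10.1.2.14(40500) -> 203.0.113.7(443), 60 packets
%SEC-6-IPACCESSLOGP: list OUTBOUND permitted tcp 10.1.2.20(50001) -> 192.0.2.77(6667), 2 packets
%SEC-6-IPACCESSLOGP: list INBOUND denied tcp 198.51.100.9(4444) -> 10.1.2.3(22), 1 packet
""".splitlines()


def tally_outbound(lines, acl="OUTBOUND"):
    """Count packets per (protocol, destination port) permitted by the named ACL."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["acl"] != acl or m["action"] != "permitted":
            continue  # other ACLs, denies and unparseable lines are ignored
        counts[(m["proto"], int(m["dport"]))] += int(m["pkts"])
    return counts


def build_acl(counts, min_packets=1, name="OUTBOUND"):
    """Turn the tally into a restrictive ACL: one permit per observed service
    (busiest first), then an explicit logged deny so new needs show up in syslog."""
    aces = [f"ip access-list extended {name}"]
    for (proto, port), pkts in counts.most_common():
        if pkts < min_packets:
            continue  # low-volume services are reviewed by hand, not auto-permitted
        aces.append(f" permit {proto} any any eq {port}")
    aces.append(" deny ip any any log")
    return aces


if __name__ == "__main__":
    seen = tally_outbound(SAMPLE_LOG)
    for (proto, port), pkts in seen.most_common():
        print(f"{proto}/{port}: {pkts} packets")
    print("\n".join(build_acl(seen, min_packets=10)))
```

Services that fall under the threshold (here tcp/6667 with 2 packets) are the ones worth a conversation with their owners before the restrictive policy goes live.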


________________________________

From: firewall-wizards-bounces () listserv icsalabs com
[mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of
Kevin Hinze
Sent: Thursday, September 21, 2006 10:45 AM
To: firewall-wizards () listserv icsalabs com
Subject: [fw-wiz] Permissive Firewall Policy


New to the list, so hope this has not already been covered numerous
times.

I have been asked to move from a restrictive policy, where only
allowed/permitted ports are allowed through the Firewall, to a permissive
policy of denying known "bad" ports/protocols and allowing all else. Does
anyone have lists, bookmarks or the like to show a list of known "bad"
ports? I believe this is a bad idea but need some information to prove
how difficult it will be to manage.

Thanks in advance,

Kevin Hinze


-- 
Good judgment comes with experience. Unfortunately, the experience
usually comes from bad judgment.
___________________________________________________________________
Kevin Hinze                       mailto:kevin.hinze () navigators org
Intranet Systems Engineer                     The Navigators

