Firewall Wizards mailing list archives
Re: Firewalls that generate new packets..
From: <lordchariot () embarqmail com>
Date: Thu, 29 Nov 2007 12:06:34 -0500
I think this came out yesterday. Amongst other recommendations are these snippets.

SANS Top-20 2007 Security Risks (2007 Annual Update)
http://www.sans.org/top20/

<...snip...>

Z1.4. How to Protect against the vulnerabilities

Protecting against zero day vulnerability exploitation is a matter of great concern for most system administrators. To reduce the impact of a zero day attack, follow best business practices such as:

* Adopt a deny-all stance on firewalls and perimeter devices that protect internal networks
* Separate public-facing servers from internal systems

<...snip...>

Sigh. Do you think anyone will start listening yet?

Patrick M. Hausen wrote:
E.g. does PIX still have these implied rules that say: if I configure port X from here to there, this automatically implies the same access to all interfaces with a lower security level than 'there'? This is the case in 6.x - now, whoever at Cisco came up with this concept should be shot. I have not looked at 7.x or ASA, yet.
Patrick, I've been wondering the same thing. I have customers with ASA and they still seem to have an allow-all default (judging from the number of them I've run across that are actively botted.) I would like to confirm if the ASA still has the default allow-all outbound policy.