funsec mailing list archives
RE: Windows Vista Firewall: No Outbound Filtering By Default
From: Blanchard_Michael () emc com
Date: Wed, 26 Apr 2006 11:38:46 -0400
well, outbound rules on the host, in an enterprise environment, are just too numerous for Microsoft to be able to accommodate everyone's application. They'd basically have to turn them all on anyway. Now if any product installed on vista would be able to open up their own ports, with user's permission (and perhaps user's password?), then Microsoft could probably ship with all ports turned off in/out. Like a general home user is going to know that they have to turn on port 25 for their mail to work, or whatever port little Tommy needs to play his new game on the internet. Corporate enterprise Environments will be controlling those ports via GPO's anyway, so it doesn't really matter what they set by default I suppose..... Michael P. Blanchard Antivirus / Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security & Risk Management EMC ² Corporation 4400 Computer Dr. Westboro, MA 01580 -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Fergie Sent: Wednesday, April 26, 2006 11:07 AM To: funsec () linuxbox org Subject: [funsec] Windows Vista Firewall: No Outbound Filtering By Default I'm sure most of you have read this by now, but it raises an interesting point (or two). Ed Skoudis writes on the SANS ISC Daily Handler's Diary: [snip] In a somewhat related story, ZDNet has an interesting article that discusses the fact that Microsoft has decided that the Windows Vista firewall will include no outbound filtering by default. Apparently, Microsoft was considering blocking outbound connections by default, but, in response to large enterprise customer requests, they won't be doing that. Not breaking corporate apps is more important than security, I suppose is the reasoning. This is a change from the original Plan (yes, note the capital P), which said that Vista would ship with a two-way firewall. It still has that capability, but outbound filtering will be turned off by default. I remember a recent fascinating rant from Marcus Ranum, saying (I paraphrase) that a firewall that doesn't block outbound traffic isn't worthy of the name firewall. From the guy who popularized the term firewall so long ago (and the term script kiddie), that's an interesting point. [snip] More: http://isc.sans.org/diary.php?storyid=1293 - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg () netzero net or fergdawg () sbcglobal net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Windows Vista Firewall: No Outbound Filtering By Default Fergie (Apr 26)
- RE: Windows Vista Firewall: No Outbound Filtering By Default Blanchard_Michael (Apr 26)
- RE: Windows Vista Firewall: No Outbound Filtering By Default Larry Seltzer (Apr 26)
- <Possible follow-ups>
- RE: Windows Vista Firewall: No Outbound Filtering By Default Brian Azzopardi (Apr 26)
- RE: Windows Vista Firewall: No Outbound Filtering By Default Larry Seltzer (Apr 26)
- RE: Windows Vista Firewall: No Outbound Filtering By Default warkda rrior (Apr 26)
- RE: Windows Vista Firewall: No Outbound Filtering By Default Blanchard_Michael (Apr 26)
- RE: Windows Vista Firewall: No Outbound Filtering By Default Krpata, Tyler (Apr 26)