Security Basics mailing list archives
RE: Open All Outbound Ports?
From: "Bill Lavalette" <billl () cyberbase7 com>
Date: Fri, 8 Nov 2002 23:37:14 -0600
Tony - Here is what I say... First, define the business need of the port to be opened. Second, provide the name of the business application that needs this port open. Third, provide the project plan for implementation of the application. Fourth, tell me who the business owner is for the project. If they come up with these four things on a per-port basis, then use your judgment. <insert joke> Adjust security policy which denies proposed plan </end joke>

Seriously, if you do not have one, start one, or at least get some corporate backing on security. Since you stated that the firewall group goes to you, that indicates to me you're a decision maker. I would also re-evaluate your security team if they are making unsound requests. You are right in thinking opening all outbound ports is a bad idea. A classic example is here: director of marketing takes laptop home. Director gets hacked via Trojan downloaded from non-corporate mail. Director brings laptop back to work. Using netcat, hacker sets up a backdoor via an allowed port... and tunnels out through a high port to avoid detection. Your firewall team won't see this if the port is open... Obviously there are many things that might catch the Trojan, i.e. corp. AV etc., but this is a classic order of events that could spell disaster for you..

Hope this helps,

Bill Lavalette
Chief Security Officer
CyberBase7 Security Services
METRO-SOC
Email: Operations () cyberbase7 com
http://www.cyberbase7.com

-----Original Message-----
From: tony tony [mailto:tonytorri () yahoo com]
Sent: Thursday, November 07, 2002 7:34 PM
To: security-basics () securityfocus com
Subject: Open All Outbound Ports?

Hi,

Our firewall group has come to me several times over the last few months wanting my approval to open all of the OUTBOUND ports on our firewall facing the internet. Their argument is that this would not significantly reduce our security and it will reduce their time/effort in administration. They claim they get several requests a week to open up outbound ports and the number keeps growing each month. They want to go for the gusto and open up all 65,000+ outbound ports. I am in the security area and they want my agreement/sign off before they do this. It just does not feel/smell right but I am losing ground with my arguments. What are some good arguments I can use?

Tony
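The trade-off in this exchange can be made concrete with a small policy replay. The following is an added example, not code from the thread or from CyberBase7: it models the firewall group's "open all outbound ports" proposal next to a default-deny egress policy whose allow list carries the justification Bill asks for, and replays both against constructed netfilter-style outbound log lines that include the laptop-backdoor scenario from the post (a compromised host calling out on high ports). The log field layout, the allow-list entries and all addresses and ports are assumptions constructed for the example.

```python
"""Egress-filtering policy replay over constructed firewall log lines.

Added example, not code from the mailing-list thread. It compares
"allow all outbound" with a default-deny egress policy backed by a
per-port allow list, and shows which flows only the default-deny
policy blocks (and therefore logs), including the tunnel-out-over-a-
high-port scenario described in the post.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Callable, Iterable

# Constructed netfilter-style log layout; the field names are an assumption
# about what the firewall logs, not a format taken from the thread.
LOG_RE = re.compile(
    r"SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)\s+PROTO=(?P<proto>\S+)"
    r"\s+SPT=(?P<spt>\d+)\s+DPT=(?P<dpt>\d+)"
)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def parse_log(lines: Iterable[str]) -> list[Flow]:
    """Extract outbound flows from log lines; non-matching lines are skipped."""
    flows: list[Flow] = []
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            flows.append(Flow(m["src"], m["dst"], m["proto"].lower(), int(m["dpt"])))
    return flows


# Egress allow list keyed by (protocol, destination port). Each value is the
# justification that should exist per entry (business need, application,
# owner). Entries are constructed for the example.
EGRESS_ALLOW: dict[tuple[str, int], str] = {
    ("tcp", 80): "HTTP browsing; app: web proxy; owner: IT",
    ("tcp", 443): "HTTPS browsing; app: web proxy; owner: IT",
    ("tcp", 25): "Outbound SMTP from the mail relay; owner: Messaging",
    ("udp", 53): "DNS from the internal resolvers; owner: IT",
}

Policy = Callable[[Flow], bool]


def allow_all(flow: Flow) -> bool:
    """The firewall group's proposal: every outbound port is open."""
    return True


def default_deny(flow: Flow) -> bool:
    """Permit only (proto, dport) pairs with an approved allow-list entry."""
    return (flow.proto, flow.dport) in EGRESS_ALLOW


def evaluate(flows: list[Flow], policy: Policy) -> dict[str, list[Flow]]:
    """Split flows into those the policy permits and those it blocks and logs."""
    result: dict[str, list[Flow]] = {"allowed": [], "denied": []}
    for f in flows:
        result["allowed" if policy(f) else "denied"].append(f)
    return result


# Constructed sample: routine traffic plus the post's scenario, a compromised
# laptop (10.1.5.23) calling an external host on high ports.
SAMPLE_LOG = [
    "Nov  8 09:01:02 fw kernel: OUT=eth1 SRC=10.1.5.40 DST=198.51.100.10 PROTO=TCP SPT=3001 DPT=80",
    "Nov  8 09:01:05 fw kernel: OUT=eth1 SRC=10.1.5.40 DST=198.51.100.10 PROTO=TCP SPT=3002 DPT=443",
    "Nov  8 09:02:00 fw kernel: OUT=eth1 SRC=10.1.0.5 DST=198.51.100.53 PROTO=UDP SPT=5353 DPT=53",
    "Nov  8 09:03:10 fw kernel: OUT=eth1 SRC=10.1.5.23 DST=203.0.113.45 PROTO=TCP SPT=3342 DPT=31337",
    "Nov  8 09:03:11 fw kernel: OUT=eth1 SRC=10.1.5.23 DST=203.0.113.45 PROTO=TCP SPT=3343 DPT=4444",
    "not a firewall line at all",
]


def compare_policies(lines: Iterable[str] = SAMPLE_LOG) -> dict[str, int]:
    """Count the flows each policy would block (and so produce a log entry for)."""
    flows = parse_log(lines)
    return {
        "allow_all_denied": len(evaluate(flows, allow_all)["denied"]),
        "default_deny_denied": len(evaluate(flows, default_deny)["denied"]),
    }


if __name__ == "__main__":
    flows = parse_log(SAMPLE_LOG)
    for name, policy in (("allow all outbound", allow_all), ("default deny", default_deny)):
        denied = evaluate(flows, policy)["denied"]
        print(f"{name}: {len(denied)} flow(s) blocked and logged")
        for f in denied:
            print(f"  {f.src} -> {f.dst}:{f.dport}/{f.proto}")
```

Under "allow all outbound" nothing is denied, so the high-port callbacks leave no trace beyond ordinary connection records; under default deny the same two flows are blocked and logged, which is the detection signal Bill's scenario says the firewall team would otherwise never get. The per-entry justification strings are where the four questions from the reply (need, application, plan, owner) would be recorded when a new port is approved.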
Current thread:
- Open All Outbound Ports? tony tony (Nov 08)
- RE: Open All Outbound Ports? Bill Lavalette (Nov 09)
- Re: Open All Outbound Ports? Meritt James (Nov 12)
- Re: Open All Outbound Ports? Sumit Dhar (Nov 13)
- Re: Open All Outbound Ports? Meritt James (Nov 12)
- Re: Open All Outbound Ports? Jens Rantil (Nov 09)
- Re: Open All Outbound Ports? Vince Hillier (Nov 11)
- RE: Open All Outbound Ports? Clint Harris (Nov 12)
- AW: Open All Outbound Ports? Robert Sieber (Nov 13)
- <Possible follow-ups>
- RE: Open All Outbound Ports? Garbrecht, Frederick (Nov 11)
- RE: Open All Outbound Ports? Naveed Ahmed (Nov 12)
- Re: Open All Outbound Ports? m2dzus (Nov 11)
- Re: Open All Outbound Ports? James Butcher (Nov 12)