Security Basics mailing list archives

RE: Open All Outbound Ports?


From: "Bill Lavalette" <billl () cyberbase7 com>
Date: Fri, 8 Nov 2002 23:37:14 -0600

Tony -

Here is what I say...

First, define the business need of the port to be opened.
Second, provide the name of the business application that needs this port
open.
Third, provide the project plan for implementation of the application.
Fourth, tell me who the business owner is for the project.

If they come up with these four things on a per port basis then use your
judgment.

<insert Joke> Adjust Security policy which denies proposed plan </end joke>

Seriously, if you do not have one, start one, or at least get some corporate
backing on security. Since you stated that the firewall group goes to you,
that indicates to me you're a decision maker. I would also re-evaluate your
security team if they are making unsound requests. You are right in thinking
opening all outbound ports is a bad idea. A classic example is here:

Director of marketing takes laptop home.

Director gets hacked via Trojan downloaded from non-corporate mail.

Director brings laptop back to work.

Using netcat, hacker sets up a backdoor via an allowed port... and tunnels
out through a high port to avoid detection.

Your firewall team won't see this if the port is open...

Obviously there are many things that might catch the Trojan, i.e. corp. AV
etc., but this is a classic order of events that could spell disaster for
you.

Hope this helps,

Bill Lavalette
Chief Security Officer
CyberBase7 Security Services METRO-SOC
Email:Operations () cyberbase7 com
http://www.cyberbase7.com




-----Original Message-----
From: tony tony [mailto:tonytorri () yahoo com]
Sent: Thursday, November 07, 2002 7:34 PM
To: security-basics () securityfocus com
Subject: Open All Outbound Ports?


Hi,

Our firewall group has come to me several times over the last few months
wanting my approval to open all of the OUTBOUND ports on our firewall
facing the internet.  Their argument is that this would not significantly
reduce our security and it will reduce their time/effort in administration.
They claim they get several requests a week to open up outbound ports and
the number keeps growing each month. They want to go for the gusto and open
up all 65,000+ outbound ports.

I am in the security area and they want my agreement/sign off before they do
this.  It just does not feel/smell right but I am losing ground with my
arguments.  What are some good arguments I can use?

Tony
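
As an added example (not part of either message above): a sketch of how the per-port justification from the reply could be kept as a register and used to audit allowed outbound flows, so that traffic to a port nobody requested stands out. The register entries, field names, addresses and log format are all assumptions constructed for illustration.

```python
# Added example (not from the thread): audit allowed outbound flows against a
# per-port approval register. All names, hosts and entries are constructed.
REQUIRED = ("business_need", "application", "project_plan", "business_owner")

# Hypothetical register: one entry per requested outbound port.
REGISTER = {
    443: {"business_need": "partner web services", "application": "web proxy",
          "project_plan": "PLAN-PLACEHOLDER-1", "business_owner": "IT operations"},
    25: {"business_need": "outbound mail", "application": "mail relay",
         "project_plan": "PLAN-PLACEHOLDER-2", "business_owner": "messaging team"},
    # Requested, but no project plan or owner was supplied.
    8080: {"business_need": "vendor portal", "application": "browser",
           "project_plan": "", "business_owner": ""},
}

# Constructed firewall log: timestamp, source, destination, dest port, action.
LOG = """\
2002-11-08T09:00:01 10.0.5.20 192.0.2.10 443 ALLOW
2002-11-08T09:00:07 10.0.5.31 198.51.100.7 31337 ALLOW
2002-11-08T09:01:12 10.0.5.20 192.0.2.25 25 ALLOW
2002-11-08T09:02:40 10.0.5.44 203.0.113.9 8080 ALLOW
2002-11-08T09:03:05 10.0.5.31 198.51.100.7 6667 DENY
truncated line
"""

def approved_ports(register):
    """Ports whose request carries all four justification items."""
    return {port for port, entry in register.items()
            if all(entry.get(field, "").strip() for field in REQUIRED)}

def audit(log_text, register):
    """Return allowed flows whose destination port lacks a complete approval."""
    approved = approved_ports(register)
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue  # skip malformed records rather than guess at fields
        _, src, dst, dport, action = parts
        port = int(dport)
        if action != "ALLOW" or port in approved:
            continue
        reason = "incomplete justification" if port in register else "no request on file"
        findings.append((src, dst, port, reason))
    return findings

if __name__ == "__main__":
    for src, dst, port, reason in audit(LOG, REGISTER):
        print(f"{src} -> {dst}:{port} allowed outbound, {reason}")
```

With every outbound port open, both flagged flows pass silently; with a default-deny egress policy they would show up as denies instead of needing an after-the-fact audit.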



