Security Basics mailing list archives

Re: Open All Outbound Ports?

From: "James Lee Gromoll" <jgromoll () hotmail com>
Date: Thu, 14 Nov 2002 09:34:41 -0800

Wow! When I first read this I thought, "Gee, what kind of drugs is hisfirewall group on?" then I found the whole point of this.....

++++ I am in the security area and they want my agreement/sign off beforethey do this. ++++

They are obviously looking for a fall guy. Feel like a chump? In allhonesty, you might and probably should be pissed off that they evenconsidered this. The flood of peer to peer proggies not to mention the IMcrap and everything else associated with doing that is silly. They'refirewall guys; do the homework and figure out what's going on; block whatneeds blocking and open what needs open for your business.

jim

From: David Weinberg <weinberg () bigpond net au>

To: 'tony tony' <tonytorri () yahoo com>,security-basics () securityfocus com,tonytorri () yahoo com

Subject: Re: Open All Outbound Ports? Date: Tue, 12 Nov 2002 10:36:51 +1100

Opening all outbound ports will also alow peer-peer programs (like
Kazza, Napster etc) and Spyware which will consume *most* of your
bandwidth.

So asside from the obvious security risks (tojans etc), you can also
watch your bandwidth go down, down, down.

Unless ofcourse, you work for an ISP/Telco ;)


> > Hi,
> >
> > Our firewall group has came to me several times over the last
> few months
> > wanting my approval to open all of the ?OUTBOUND? ports on our
> firewall facing
> > the internet.  Their argument is that this would not
> significantly reduce our
> > security and it will reduce their time/effort in administration.
> They claim
> > they get several requests a week to open up out bound ports and
> the number
> > keeps growing each month. They want to go for the gusto?and open
> up all 65,000+
> > outbound ports.
> >
> > I am in the security area and they want my agreement/sign off
> before they do
> > this.  It just does not ?feel/smell right? but I am losing
> ground with my
> > arguments.  What are some good arguments I can use?
> >
> > Tony
> >
> >
> > __________________________________________________
> > Do you Yahoo!?
> > U2 on LAUNCH - Exclusive greatest hits videos
> > http://launch.yahoo.com/u2
>



_________________________________________________________________

The new MSN 8: smart spam protection and 2 months FREE*http://join.msn.com/?page=features/junkmail

Current thread:

Re: Open All Outbound Ports?, (continued)
- Re: Open All Outbound Ports? m2dzus (Nov 11)
  - Re: Open All Outbound Ports? James Butcher (Nov 12)
- Re: Open All Outbound Ports? mitch_latham (Nov 11)
- Re: Open All Outbound Ports? Chris Berry (Nov 12)
  - RE: Open All Outbound Ports? Chris Alliey (Nov 15)
    - RE: Open All Outbound Ports? Mark Merchant (Nov 18)
    - RE: Open All Outbound Ports? G. Class (Nov 21)
    - Message not available
    - RE: Open All Outbound Ports? Mark Merchant (Nov 22)
- Re: Open All Outbound Ports? David Weinberg (Nov 12)
- RE: Open All Outbound Ports? DeGennaro, Gregory (Nov 13)
- Re: Open All Outbound Ports? James Lee Gromoll (Nov 16)
- RE: Open All Outbound Ports? Louis Erickson (Nov 16)
- RE: Open All Outbound Ports? Farrelly, Brian (Nov 17)