Security Basics mailing list archives
RE: where should I start? help!
From: "DeGennaro, Gregory" <Gregory_DeGennaro () csaa com>
Date: Mon, 28 Jul 2003 10:08:34 -0700
I second this. However if your users are not use to this restriction, you need to get both upper management backing for the policy and you need to ease your users into this new comfort zone to prevent a reduction in human production and to make sure you will not break anything that is being used for production purposes. Personally, I agree with blocking all inbound\outbound traffic and open only what is needed. However, upper management will get angry if their employees become disgruntled and stop working at the quality they were before. You will need to convince upper management that in the long run, their employees will be more productive because of less distractions and they will not have to worry about IP loss, monetary loss, or law suits from the lack of due diligence of their network security. Regards, Greg DeGennaro Jr., CCNP Security Analyst -----Original Message----- From: David Gillett [mailto:gillettdavid () fhda edu] Sent: Monday, July 28, 2003 9:59 AM To: 'Jude Naidoo'; 'Jane Han'; 'ALLEN, DONALD S (AIT)'; Gregory_DeGennaro () csaa com Cc: security-basics () securityfocus com Subject: RE: where should I start? help! Blocking specific ports because they're "threats" sort of worked okay around 1995. In the Internet of the 21st century, it doesn't. The Right Way(TM) to define a firewall policy is to block all traffic by default, and then open up what your organization actually needs. That way, you can get away with ignoring new threats unless they actually apply to stuff your organization does, instead of constantly putting out fires each time the building catches. David Gillett --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: where should I start? help! DeGennaro, Gregory (Jul 24)
- <Possible follow-ups>
- RE: where should I start? help! Jane Han (Jul 24)
- RE: where should I start? help! DeGennaro, Gregory (Jul 24)
- RE: where should I start? help! ALLEN, DONALD S (AIT) (Jul 24)
- RE: where should I start? help! Jane Han (Jul 24)
- RE: where should I start? help! Jane Han (Jul 25)
- Re: where should I start? help! Jude Naidoo (Jul 28)
- RE: where should I start? help! David Gillett (Jul 28)
- RE: where should I start? help! DeGennaro, Gregory (Jul 28)
- RE: where should I start? help! DeGennaro, Gregory (Jul 28)