Security Basics mailing list archives
re: What addresses to put on my NEW black list?
From: "Jim Halfpenny" <jim () openanswers co uk>
Date: Fri, 24 Feb 2006 09:24:00 -0000 (GMT)
> Why not apply the principle of least privilege to take care of this? Permit only what should be allowed and block everything else.
>
> Ex.
> permit tcp mailserver any eq 25
> Permit other outbound expected traffic
> Permit tcp any any eq 80
> Permit tcp any any eq 443
> Deny any any
Hi,

I feel the principle of least privilege should go more along the lines of, "Deny any any." Hosts on your network, particularly desktop PCs, should have the least possible privilege with regard to accessing the Internet, and in most cases that is no access whatsoever. SMTP can be handled by your own mail gateway. Web traffic should be handled by your own web proxy. I believe that it is wisest to restrict egress from your network to as few places as possible. This goes a long way to mitigating the security and policy violation risks associated with unrestricted net access. This way you can monitor and restrict traffic as you see fit.

Regards,
Jim Halfpenny
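The difference between the quoted ACL and the gateway-only egress described in the reply, as an added example that is not part of the original post: a first-match rule evaluator run against both rule sets. The addresses, the `Rule` type and the gateway-only rule set are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addresses for illustration only.
MAIL_GW, WEB_PROXY, DESKTOP = "10.0.0.25", "10.0.0.80", "10.0.0.101"
ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source host or CIDR
    dport: Optional[int]   # destination TCP port; None matches any port

# The ACL from the quoted message: any internal host may reach 80/443 directly.
QUOTED_ACL = [
    Rule("permit", MAIL_GW, 25),
    Rule("permit", ANY, 80),
    Rule("permit", ANY, 443),
    Rule("deny", ANY, None),
]

# Assumed border ACL for the reply's design: only the gateways may leave.
GATEWAY_ACL = [
    Rule("permit", MAIL_GW, 25),
    Rule("permit", WEB_PROXY, 80),
    Rule("permit", WEB_PROXY, 443),
    Rule("deny", ANY, None),
]

def evaluate(acl, src_ip, dport):
    """First matching rule wins; no match falls through to deny."""
    addr = ipaddress.ip_address(src_ip)
    for rule in acl:
        if addr in ipaddress.ip_network(rule.src) and rule.dport in (None, dport):
            return rule.action
    return "deny"

def allowed_egress(acl, hosts, ports):
    """Return the (host, port) pairs that may connect outbound directly."""
    return {(h, p) for h in hosts for p in ports if evaluate(acl, h, p) == "permit"}

if __name__ == "__main__":
    hosts, ports = [MAIL_GW, WEB_PROXY, DESKTOP], [25, 80, 443, 8080]
    for name, acl in (("quoted", QUOTED_ACL), ("gateway-only", GATEWAY_ACL)):
        print(name, sorted(allowed_egress(acl, hosts, ports)))
```

Under the quoted rules the desktop still reaches any destination on ports 80 and 443; under the gateway-only rules every permitted flow originates from a host where traffic can be monitored.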