re: What addresses to put on my NEW black list?

["Jim Halfpenny" <jim () openanswers co uk>]

> Why not apply the principle of least privilege to take care of this?
> Permit
> only what should be allowed and block everything else.
>
> Ex.
> permit tcp mailserver any eq 25
> Permit other outbound expected traffic
> Permit tcp any any eq 80
> Permit tcp any any eq 443
> Deny any any

Hi,
I feel the principle of least privilege should go more along the lines of,
"Deny any any." Hosts on your network, particularly desktop PCs should
have the least possible privilege with regards to accessing the Internet,
and in most cases that is no access whatsoever. SMTP can be handled by
your own mail gateway. Web traffic should be handled by your own web
proxy.

I believe that it is wisest to restrict egress from your network to as few
places as possible. This goes a long way to mitigating the seurity and
policy violation risks associated with unresticted net access. This way
you can monitor and restrict traffic as you see fit.

Regards,
Jim Halfpenny


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------