Security Basics mailing list archives
Re: How secure is to open ports from inside the firewall?
From: e.m.baechle () ieee org
Date: 15 Mar 2007 00:44:02 -0000
Iosif,

There are (at least) two schools of thought on actually blocking outbound traffic through the firewall. Both of these say: log the traffic outbound and review it occasionally. The important thing to understand is that most firewalls by default ALLOW all traffic outbound (all of your ports outbound are already open).

The first, the "deny all" principle, suggests you should deny all traffic outbound on ports that do not directly support your business processes. Typically, outbound traffic is limited to HTTP, HTTPS, and SMTP. Even better is when you use a web proxy server and limit HTTP and HTTPS traffic only outbound from the proxy and SMTP only from the e-mail server. Add specific rules for specific services and systems (may require static IP address assignment; or use IPSEC for authenticating the system [without encryption] on DHCP networks). Any traffic blocked and logged on your firewall either violates your electronic communications policy or is malicious. You can then concentrate on hardening your SMTP and HTTP/S proxy servers against hijacking.

The second, the "let it go" concept, is for limited-budget groups that lack the expertise to set up proxy servers for their services, or have a lot of dynamic services and traveling personnel (that access SMTP from their laptops across your firewall, attach to various client VPNs, etc.). In this case, try to make a profile of what is normal (baseline) and review anything that happens to be out of place.

Another consideration is to at least log "not normal" situations going out. For example, if your office hours are from 6:00am to 6:00pm, and the latest person usually stays until 8:00pm, then log any outbound traffic that happens after 8:00pm. Those hits where a machine is going out when there's nobody in the office, even on HTTP/S, could be a compromised system.

Sincerely,
Eric Baechle
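The two review approaches from the message above, as an added example that is not part of the original post: it flags logged outbound connections that fall outside a deny-all egress policy (HTTP/S only from the proxy, SMTP only from the mail server) and any that occur outside the 6:00am to 8:00pm window. The log format, IP addresses and sample lines are constructed assumptions, and timestamps are assumed to be local office time.

```python
import re
from datetime import datetime, time

# Assumed addresses and hours (hypothetical values, not from the post).
PROXY, MAIL = "10.0.0.10", "10.0.0.11"
ALLOWED = {80: {PROXY}, 443: {PROXY}, 25: {MAIL}}  # dport -> permitted sources
OPEN, LAST_OUT = time(6, 0), time(20, 0)  # office opens / last person leaves

LINE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) "
                  r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

# Constructed sample of logged outbound connections (format invented here).
SAMPLE = """\
2007-03-14T09:15:02 src=10.0.0.10 dst=198.51.100.7 dport=443
2007-03-14T10:02:44 src=10.0.0.11 dst=198.51.100.25 dport=25
2007-03-14T11:30:10 src=10.0.0.57 dst=203.0.113.9 dport=25
2007-03-14T14:05:33 src=10.0.0.42 dst=203.0.113.80 dport=6667
2007-03-14T23:41:19 src=10.0.0.10 dst=203.0.113.5 dport=80
2007-03-15T02:12:00 src=10.0.0.42 dst=203.0.113.80 dport=443
not a log line
"""

def review(log_text):
    """Return (timestamp, src, dport, reasons) for each line needing review."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or malformed lines
        ts = datetime.fromisoformat(m["ts"])
        src, dport = m["src"], int(m["dport"])
        reasons = []
        # "Deny all": only the proxy / mail server may use the business ports.
        if src not in ALLOWED.get(dport, set()):
            reasons.append("not-permitted-by-policy")
        # Baseline: traffic leaving while the office is empty is out of profile,
        # even when it comes from the proxy on HTTP/S.
        if not (OPEN <= ts.time() <= LAST_OUT):
            reasons.append("after-hours")
        if reasons:
            findings.append((m["ts"], src, dport, reasons))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(*finding)
```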