Educause Security Discussion mailing list archives
Re: Inbound Default Deny Policy at Internet Border
From: "Jeffrey I. Schiller" <jis () MIT EDU>
Date: Wed, 18 May 2005 16:10:51 -0400
[Sorry if this has been said, this thread is quite long!]

If your goal is as you say, then blocking inbound connections will not work. It buys you time, but that is all. For many Internet exploits, a worm is written that takes advantage of the vulnerability that is being exploited. Once a worm is in the wild, inbound filtering doesn't help you. The worm will find some way past your border (say via a laptop that was connected to a public network and infected and is now connected "inside" your network). Once it's on the "inside" it will be free to roam and infect systems.

People in organizations which hide behind an inbound filter often are slower to install patches, incorrectly figuring that the filter (or firewall) will protect them. Once a worm gets by the filter, these organizations are hit very hard.

-Jeff

On Mon, 2005-05-16 at 09:55, Gary Flynn wrote:
> Jeffrey I. Schiller wrote:
> > What problem are you trying to solve?
>
> 1. Computers getting compromised because people:
>    a. don't realize they're putting up a server and/or
>    b. don't realize they need to maintain a server and/or
>    c. don't have the resources to maintain a server and/or
>    c. they are exposed to the Internet when they don't need to be and/or
>    d. they are interested in academic pursuits unrelated to computer maintenance and security so cutting down the exposure lets them concentrate on what they are interested in with decreased risk.
>
> --
> Gary Flynn
> Security Engineer
> James Madison University
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.

--
============================================================================
Jeffrey I. Schiller
MIT Network Manager
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis () mit edu
===========================================================================