Educause Security Discussion mailing list archives

Re: Inbound Default Deny Policy at Internet Border


From: "Jeffrey I. Schiller" <jis () MIT EDU>
Date: Wed, 18 May 2005 16:10:51 -0400

[Sorry if this has been said, this thread is quite long!]

If your goal is as you say, then blocking inbound connections will not
work.

It buys you time, but that is all.

For many Internet exploits, a worm is written that takes advantage of
the vulnerability that is being exploited. Once a worm is in the wild,
inbound filtering doesn't help you. The worm will find some way past
your border (say via a laptop that was connected to a public network and
infected and is now connected "inside" your network). Once it's on the
"inside" it will be free to roam and infect systems.

People in organizations which hide behind an inbound filter often are
slower to install patches, incorrectly figuring that the filter (or
firewall) will protect them. Once a worm gets by the filter, these
organizations are hit very hard.

                        -Jeff

On Mon, 2005-05-16 at 09:55, Gary Flynn wrote:
Jeffrey I. Schiller wrote:

What problem are you trying to solve?

1. Computers getting compromised because people:
    a. don't realize they're putting up a server and/or
    b. don't realize they need to maintain a server and/or
    c. don't have the resources to maintain a server and/or
    c. they are exposed to the Internet when they don't need
       to be and/or
    d. they are interested in academic pursuits unrelated to
       computer maintenance and security so cutting down the
       exposure lets them concentrate on what they are interested
       in with decreased risk.

--
Gary Flynn
Security Engineer
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.
--
 ============================================================================
Jeffrey I. Schiller
MIT Network Manager
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis () mit edu
 ===========================================================================
