Educause Security Discussion mailing list archives
Re: Firewall Strategies
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Mon, 6 Feb 2006 12:56:21 -0500
On Sat, 04 Feb 2006 13:49:13 EST, Mark Bauer said:
> At Skidmore we use a multi-layer defense. The border router stops all IANA reserved addresses as well as some of the nastier ports that have no real function inside the network.
Two notes for those playing along at home:

1) Please do *egress* filtering as well - you shouldn't be emitting packets from reserved or rfc1918 addresses into the Internet at large. This is particularly important for those of you who NAT their entire campus address space.

2) The first ports to filter are the nasty ones that *DO* have function inside the network, but shouldn't be seeing much access from outside (135-139 come to mind....)
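
As an added illustration (not part of the original message, and not code from any poster in the thread), the two notes above can be written as an audit over border flow records that flags what the filters should have dropped. The record format, the sample flows and the abbreviated reserved-prefix list are assumptions constructed for this example.

```python
import ipaddress

# Assumption: a short stand-in for "reserved or RFC 1918" source space;
# a production filter would track the current IANA special-purpose registry.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",      # this-net, loopback, link-local
    "224.0.0.0/3",                                     # multicast and class E
)]
BLOCKED_INBOUND = range(135, 140)   # ports 135-139, as named in the message

def audit(line):
    """Return why the border should have dropped this flow, or None if it may pass.

    Hypothetical record format: '<in|out> <src> <dst> <proto> <dport>'.
    """
    direction, src, dst, proto, dport = line.split()
    src_ip = ipaddress.ip_address(src)
    bogus_src = any(src_ip in net for net in NON_ROUTABLE)
    if direction == "out" and bogus_src:
        return "egress: reserved/RFC1918 source leaving the campus"
    if direction == "in":
        if bogus_src:
            return "ingress: reserved/RFC1918 source"
        if proto in ("tcp", "udp") and int(dport) in BLOCKED_INBOUND:
            return "ingress: port 135-139 from outside"
    return None

def audit_all(lines):
    """Map each offending record to its reason, skipping clean flows."""
    return {l: r for l in lines if (r := audit(l))}

# Constructed sample flows; 198.51.100.0/24 and 203.0.113.0/24 are documentation
# prefixes standing in for the campus's public range and an outside host.
SAMPLE = [
    "out 198.51.100.20 203.0.113.7 tcp 443",   # normal NATed traffic
    "out 10.4.2.9 203.0.113.7 tcp 80",         # un-NATed RFC 1918 source leaking out
    "in 203.0.113.7 198.51.100.20 tcp 139",    # NetBIOS session from outside
    "in 192.168.1.5 198.51.100.20 udp 53",     # RFC 1918 source arriving from outside
    "in 203.0.113.7 198.51.100.20 tcp 25",     # ordinary inbound mail
]

if __name__ == "__main__":
    for record, reason in audit_all(SAMPLE).items():
        print(f"{reason:55} {record}")
```

Any hit on the `out` records points at a NAT or ACL gap on the campus side rather than at an outside host.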