Educause Security Discussion mailing list archives

Re: Firewall Strategies


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Mon, 6 Feb 2006 12:56:21 -0500

On Sat, 04 Feb 2006 13:49:13 EST, Mark Bauer said:
> At Skidmore we use a multi-layer defense. The border router stops all IANA
> reserved addresses as well as some of the nastier ports that have no real
> function inside the network.

Two notes for those playing along at home:

1) Please do *egress* filtering as well - you shouldn't be emitting packets
from reserved or RFC 1918 addresses into the Internet at large.  This is particularly
important for those of you who NAT your entire campus address space.

2) The first ports to filter are the nasty ones that *DO* have function inside
the network, but shouldn't be seeing much access from outside (135-139 come
to mind....)
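
The border policy discussed in this message, as an added example that is not part of the original post: a Python check that drops reserved or RFC 1918 sources in both directions and inbound traffic to ports 135-139. The reserved-range list is an assumption, and the sample packets are constructed, using documentation-range addresses as stand-ins for real public addresses.

```python
import ipaddress

# Assumption: source ranges a border router should never pass in either
# direction (RFC 1918 space plus a few other reserved blocks). The
# documentation ranges are left out on purpose, because the constructed
# sample below uses them as stand-ins for public addresses.
RESERVED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

# Ports that do have a function inside the network but should not see
# much access from outside.
INTERNAL_ONLY_PORTS = range(135, 140)  # 135-139 inclusive


def is_reserved(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RESERVED)


def border_verdict(direction, src, dport):
    """Return (action, reason) for one packet crossing the border.

    direction is 'in' (Internet -> campus) or 'out' (campus -> Internet).
    """
    if is_reserved(src):
        if direction == "out":
            return ("drop", "egress: reserved/RFC 1918 source")
        return ("drop", "ingress: reserved source")
    if direction == "in" and dport in INTERNAL_ONLY_PORTS:
        return ("drop", "ingress: destination port 135-139")
    return ("pass", "")


# Constructed sample packets: (direction, source address, destination port).
SAMPLE = [
    ("out", "10.20.30.40", 80),     # private source that escaped NAT
    ("out", "198.51.100.25", 443),  # placeholder campus public address
    ("in", "203.0.113.9", 139),     # outside host reaching for port 139
    ("in", "203.0.113.9", 443),
    ("in", "192.168.1.5", 25),      # private source arriving from outside
    ("out", "198.51.100.25", 139),  # outbound: the port rule is ingress-only
]


def evaluate(packets):
    return [border_verdict(*p) for p in packets]


if __name__ == "__main__":
    for pkt, (action, reason) in zip(SAMPLE, evaluate(SAMPLE)):
        print(pkt, action, reason)
```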
