Educause Security Discussion mailing list archives

Re: Firewall - Egress Policy


From: Gary Flynn <flynngn () JMU EDU>
Date: Mon, 4 Sep 2006 13:13:46 -0400

Chris Golden wrote:

I am struggling to keep up with outbound firewall rules pertaining to
games and other gaming apps (i.e. Ventrilo, TeamSpeak, PS2, Xbox Live).
We have a policy allowing approved gaming ports to be opened after 5pm
M-F and all day on the weekends.  However, as more and more games come
out requiring 4,000+ ports I am starting to think this is pointless.  I
see the need for filtering out certain ports such as SMTP, SNMP, MS RPC,
NetBIOS, SMB/IP, TFTP, IRC (6000-6999) but it would be easier to create
rules for these ports and allow others.

What are some of your thoughts/policies on this?

We use Packeteer Packetshapers to help reserve bandwidth
for traditional production applications and change policies
at 10PM.


--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security
