Educause Security Discussion mailing list archives

Re: Firewall - Outbound Ports


From: "Consolvo, Corbett D" <cc72 () TXSTATE EDU>
Date: Tue, 29 Jan 2008 10:55:46 -0600

Some suggestions:
SNMP
Microsoft networking (NetBIOS/445)
SMTP except for authorized mail servers
TFTP
Maybe IRC? (that ought to generate some remarks :) )

I certainly agree that upper-layer intelligence is also a great idea.  To me, filtering out some of the basic ports cuts down on a lot of the basic issues without too much loss in functionality.

Corbett Consolvo
Information Security Analyst
Texas State University

-----Original Message-----
From: Michael Hornung [mailto:hornung () WASHINGTON EDU]
Sent: Tuesday, January 29, 2008 10:48 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Firewall - Outbound Ports

If you're attempting to block certain activities, not just ports for their
own sake -- I mean, what's wrong with the number 445 anyway? -- it would
seem more effective to use layer7 packet filtering or shaping to
accomplish your goals.  Firewalling at layers 3/4 only encourages a place
we don't want to be, the port 80 Internet.

___________________________________________________
 Michael Hornung          UW Technology
 hornung () washington edu   University of Washington

On Tue, 29 Jan 2008 at 09:48, Chris Golden wrote:

|I am in the process of deciding whether or not to change my firewall
|strategy for outbound ports.  We allow gaming in the dorms and keeping up
|with all the games and their enormous port ranges is a huge time sink.
|I have polled some other schools and found that they do not block
|outbound ports; however, I feel like some need to be blocked.  Which ports
|do you block outbound?  Which ports do you recommend being blocked
|outbound (SMTP, NetBIOS, etc.)?
|
|Chris Golden, GCIH
|Coordinator of Network Services
|Lee University
|423.614.8020
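For reference, here is what the short list suggested above (SNMP, Microsoft networking, SMTP except for authorized mail servers, TFTP, IRC) looks like as an nftables egress ruleset. This is an added example, not something posted to the list or used by any of the schools named; the LAN range, relay addresses and the IRC port range are assumptions, and the function prints the ruleset rather than loading it so it can be reviewed first.

```shell
#!/bin/sh
# Emit an nftables egress policy for the ports discussed in the thread.
# Placeholders: LAN_NET is an assumed campus range; relay addresses are
# whatever you pass in. Review the output, then: gen_egress_rules 192.0.2.25 | nft -f -
LAN_NET="${LAN_NET:-10.0.0.0/8}"

gen_egress_rules() {
    # $@ = authorized outbound SMTP relays (IPv4); all other port-25 traffic is dropped.
    relays=""
    for r in "$@"; do relays="${relays:+$relays, }$r"; done
    cat <<EOF
table inet egress {
    set mail_relays {
        type ipv4_addr
        elements = { ${relays:-192.0.2.25} }
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        # Only new connections from campus hosts are subject to the egress policy
        ip saddr $LAN_NET ct state new jump egress_policy
    }
    chain egress_policy {
        # SMTP: only the authorized relays may reach port 25 outbound; log the rest
        tcp dport 25 ip daddr @mail_relays accept
        tcp dport 25 log prefix "egress-smtp-drop " drop
        # SNMP (161/162) and TFTP (69): UDP services with no reason to leave campus
        udp dport { 69, 161, 162 } log prefix "egress-udp-drop " drop
        # Microsoft networking: NetBIOS (137-139), RPC endpoint mapper (135), SMB (445)
        tcp dport { 135, 139, 445 } log prefix "egress-smb-drop " drop
        udp dport { 137, 138 } log prefix "egress-smb-drop " drop
        # IRC (the debatable one); 6660-6669 and 6697 are the commonly used ports
        tcp dport { 6660-6669, 6697 } log prefix "egress-irc-drop " drop
    }
}
EOF
}
```

The log prefixes give you per-category drop counts in syslog, which is also the quickest way to find out which legitimate service you broke before the help desk does.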
