Educause Security Discussion mailing list archives

Re: Firewall - Outbound Ports


From: Joseph Karam <jkaram () HAMILTON EDU>
Date: Wed, 30 Jan 2008 12:01:27 -0500

I agree that a proper assessment should be done.  However, I also
suggest you download the NSA Router Security configuration guide.  They
have some good recommendations for what to block at a router/firewall
level.  A number of security guides are located at:

http://www.nsa.gov/snac/downloads_all.cfm

Joe



Roger Safian wrote:
At 10:48 AM 1/29/2008, Michael Hornung put fingers to keyboard and wrote:

If you're attempting to block certain activities, not just ports for their
own sake -- I mean, what's wrong with the number 445 anyway? -- it would
seem more effective to use layer7 packet filtering or shaping to
accomplish your goals.  Firewalling at layers 3/4 only encourages a place
we don't want to be, the port 80 Internet.


I think it depends on many factors, including your goals and objectives,
resources (especially financial and people), and the amount of traffic
you have to deal with.  I suspect that in an ideal world, a multi-layer
approach would be best.  That being said, filters at layers 3/4 are cheap
and can be effective against certain attacks, but they do have their
limits.  A proper risk assessment will help solidify what mitigation
processes will be effective in your organization.
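To make the trade-off in this thread concrete, here is a small added example (my own code, not anything posted by Roger, Michael or Joe). It evaluates a constructed outbound policy with first-match layer 3/4 rules, the way a router ACL or stateless firewall does, and then runs a crude layer-7 check on the flows the ACL lets through. The rule set, the sample flows and the destination addresses (203.0.113.0/24, 192.0.2.53) are constructed for illustration; the SMB magic bytes and the HTTP request-line shape are the real protocol signatures. The point it shows is Roger's: a port-based rule on 445 is cheap and does stop the obvious case, but the same application on port 80 passes the port rule and is only caught by looking at the payload.

```python
"""Toy egress-policy evaluator: layer 3/4 rules versus a layer-7 payload check."""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    dst: str              # destination IPv4 address
    proto: str            # "tcp" or "udp"
    dport: int            # destination port
    payload: bytes = b""  # first bytes of application data, used only by the L7 check


@dataclass(frozen=True)
class Rule:
    """One layer-3/4 rule: the action applies when proto, destination prefix and port all match."""
    action: str                      # "allow" or "deny"
    proto: str = "any"               # "tcp", "udp" or "any"
    dst: str = "0.0.0.0/0"           # destination prefix
    dports: frozenset = frozenset()  # empty set means any port

    def matches(self, flow: Flow) -> bool:
        if self.proto != "any" and self.proto != flow.proto:
            return False
        if ipaddress.ip_address(flow.dst) not in ipaddress.ip_network(self.dst):
            return False
        return not self.dports or flow.dport in self.dports


def evaluate_l4(rules, flow, default="deny"):
    """First-match evaluation, as a typical router ACL does; unmatched flows get the default."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action
    return default


# HTTP request line: METHOD SP request-target SP HTTP/1.x CRLF
_HTTP_REQ = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) \S+ HTTP/1\.[01]\r\n")


def classify_l7(payload: bytes) -> str:
    """Crude application identification from the first bytes of a TCP stream."""
    head = payload[:8]
    # SMB1 (\xffSMB) or SMB2/3 (\xfeSMB) magic, usually preceded by a 4-byte NetBIOS session header
    if b"\xffSMB" in head or b"\xfeSMB" in head:
        return "smb"
    if _HTTP_REQ.match(payload):
        return "http"
    return "unknown"


def evaluate(rules, flow, blocked_apps=frozenset({"smb"})):
    """Combine both layers: the L4 verdict first, then an L7 check on flows the ACL allowed."""
    verdict = evaluate_l4(rules, flow)
    if verdict != "allow":
        return verdict, "n/a"
    app = classify_l7(flow.payload)
    if app in blocked_apps:
        return "deny", app
    return "allow", app


# Constructed sample policy (not taken from the mailing-list posting):
# block Windows file/print ports outbound, allow DNS only to the campus resolver, allow web.
EGRESS_RULES = [
    Rule("deny", "tcp", dports=frozenset({135, 137, 138, 139, 445})),
    Rule("deny", "udp", dports=frozenset({137, 138})),
    Rule("allow", "udp", dst="192.0.2.53/32", dports=frozenset({53})),
    Rule("allow", "tcp", dports=frozenset({80, 443})),
]

# Constructed sample flows, keyed by a short label
SAMPLE_FLOWS = {
    "smb_445":   Flow("203.0.113.10", "tcp", 445, b"\x00\x00\x00\x55\xfeSMB"),
    "http_80":   Flow("203.0.113.10", "tcp", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    "smb_on_80": Flow("203.0.113.10", "tcp", 80, b"\x00\x00\x00\x55\xfeSMB"),
    "dns_ok":    Flow("192.0.2.53", "udp", 53, b""),
    "dns_other": Flow("203.0.113.53", "udp", 53, b""),
}


def run_samples():
    """Evaluate every sample flow; returns {label: (verdict, identified_app)}."""
    return {name: evaluate(EGRESS_RULES, flow) for name, flow in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for name, (verdict, app) in run_samples().items():
        l4_only = evaluate_l4(EGRESS_RULES, SAMPLE_FLOWS[name])
        print(f"{name:10s} l3/4={l4_only:5s} l3/4+l7={verdict:5s} app={app}")
```

Running it shows "smb_on_80" allowed by the port rules alone and denied only once the payload is inspected, while the 445 case never reaches the L7 stage; that is the cheap-but-limited property the thread is weighing. A real deployment would do the L7 classification in a proxy or IDS rather than in the ACL device, which is where the cost and staffing questions in the reply come in.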

