Educause Security Discussion mailing list archives
Re: Firewall - Outbound Ports
From: Joseph Karam <jkaram () HAMILTON EDU>
Date: Wed, 30 Jan 2008 12:01:27 -0500
I agree that a proper assessment should be done. However, I also suggest you download the NSA Router Security configuration guide. They have some good recommendations for what to block at a router/firewall level. A number of security guides are located at: http://www.nsa.gov/snac/downloads_all.cfm

Joe

Roger Safian wrote:
> At 10:48 AM 1/29/2008, Michael Hornung put fingers to keyboard and wrote:
> > If you're attempting to block certain activities, not just ports for their own sake -- I mean, what's wrong with the number 445 anyway? -- it would seem more effective to use layer7 packet filtering or shaping to accomplish your goals. Firewalling at layers 3/4 only encourages a place we don't want to be, the port 80 Internet.
>
> I think it depends on many factors, including your goals and objectives, resources (especially financial and people), and the amount of traffic you have to deal with. I suspect that in an ideal world, a multi-layer approach would be best. That being said, filters at layers 3/4 are cheap and can be effective against certain attacks, but they do have their limits. A proper risk assessment will help solidify what mitigation processes will be effective in your organization.