Educause Security Discussion mailing list archives

Blocked outbound ports


From: "Di Fabio, Andrea" <adifabio () NSU EDU>
Date: Fri, 25 Apr 2008 09:30:30 -0400

On a slightly different topic, I would be interested in knowing what other
institutions are doing with regard to outbound filtering at the gateway.
You can reply directly to me.  I will compile an anonymous list of outbound
ports/applications being blocked and possibly specify the reasons for it
when provided.  We for instance block the following outbound
ports/applications unless for specific authorized servers (*):

Ports: 25(*), 135-139, 445

Apps: Some P2P(*)

Thanks for your feedback.

Andrea Di Fabio
Information Security Officer
High Performance Computing Technology Coordinator
Norfolk State University
Office of Information Technology
Marie V. McDemmond Center for Applied Research, Rm 401F
555 Park Avenue, Suite 401
Norfolk, Virginia 23504
757-823-2896 Office
757-823-2128 Fax

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Di Fabio, Andrea
Sent: Friday, April 25, 2008 9:21 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Outbound SMTP

We only allow authorized mail servers to make outbound SMTP connections and
block all other outbound SMTP to avoid being listed by DNSBL or other spam BL.



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jenkins, Matthew
Sent: Friday, April 25, 2008 9:14 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Outbound SMTP

I am curious how many other schools block outbound SMTP, and if so from
which or all networks?

We currently still allow it; however, I see very few legit connections.
Usually once a week I find another student who has become malware infected,
and have to shut them off until they can prove their computer is clean
(unfortunately we don't have a true NAC as budget does not allow).

The biggest problem is wireless users.  I can block MAC addresses, however
this ends up taking a lot of time from start to finish (by the time I login
to WCS, push the policy to all the controllers, document it, notify our
helpdesk team for the incoming phone call they will get, then all those
steps in reverse when the computer is cleaned).

I have been considering approaching management to just block all port 25
traffic.  My holdback is that I feel bad for anyone that has their own
domain somewhere and sends mail through it.  We do not allow students to
relay SMTP mail through our mail servers.

Thoughts?  Thanks for your input,

Matt

Matthew Jenkins
Network/Server Administrator
Fairmont State University
Visit us online at http://www.fairmontstate.edu/