Educause Security Discussion mailing list archives
Blocked outbound ports
From: "Di Fabio, Andrea" <adifabio () NSU EDU>
Date: Fri, 25 Apr 2008 09:30:30 -0400
On a slightly different topic, I would be interested in knowing what other institutions are doing with regard to outbound filtering at the gateway. You can reply directly to me. I will compile an anonymous list of outbound ports/applications being blocked and possibly specify the reasons for it when provided.

We for instance block the following outbound ports/applications unless for specific authorized servers (*):

Ports: 25(*), 135-139, 445
Apps: Some P2P(*)

Thanks for your feedback.

Andrea Di Fabio
Information Security Officer
High Performance Computing Technology Coordinator
Norfolk State University
Office of Information Technology
Marie V. McDemmond Center for Applied Research, Rm 401F
555 Park Avenue, Suite 401
Norfolk, Virginia 23504
757-823-2896 Office
757-823-2128 Fax

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Di Fabio, Andrea
Sent: Friday, April 25, 2008 9:21 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Outbound SMTP

We only allow authorized mail server to make outbound SMTP connections and block all other outbound SMTP to avoid being listed by DNSBL or other SMAPBL

Andrea Di Fabio

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jenkins, Matthew
Sent: Friday, April 25, 2008 9:14 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Outbound SMTP

I am curious how many other schools block outbound SMTP, and if so from which or all networks? We currently still allow it; however, I see very few legit connections.

Usually once a week I find another student who has become malware infected, and have to shut them off until they can prove their computer is clean (unfortunately we don't have a true NAC as budget does not allow). The biggest problem is wireless users. I can block MAC addresses, however this ends up taking a lot of time from start to finish (by the time I log in to WCS, push the policy to all the controllers, document it, notify our helpdesk team for the incoming phone call they will get, then all those steps in reverse when the computer is cleaned).

I have been considering approaching management to just block all port 25 traffic. My holdback is that I feel bad for anyone that has their own domain somewhere and sends mail through it. We do not allow students to relay SMTP mail through our mail servers.

Thoughts?

Thanks for your input,
Matt

Matthew Jenkins
Network/Server Administrator
Fairmont State University
Visit us online at http://www.fairmontstate.edu/
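An added example, not part of either poster's message: the outbound policy listed in the thread (port 25 only from authorized mail servers, 135-139 and 445 blocked) applied to gateway flow records, with dropped SMTP attempts counted per host to surface likely infected clients. The addresses, the flow tuples, and the threshold of three distinct destinations are constructed assumptions.

```python
from ipaddress import ip_address

# Policy from the thread: outbound 25 only from authorized servers;
# 135-139 and 445 blocked for everyone.
AUTHORIZED_SMTP = {ip_address("192.0.2.10")}   # constructed mail server address
BLOCKED_ALWAYS = set(range(135, 140)) | {445}

def decide(src, dport):
    """Return (action, reason) for one outbound flow at the gateway."""
    if dport in BLOCKED_ALWAYS:
        return "drop", "rpc-netbios-smb"
    if dport == 25:
        if ip_address(src) in AUTHORIZED_SMTP:
            return "allow", "authorized-mail-server"
        return "drop", "unauthorized-smtp"
    return "allow", "default"

def smtp_offenders(flows, threshold=3):
    """Hosts whose dropped SMTP attempts reach >= threshold distinct destinations.

    The threshold is an assumed heuristic: a spam bot fans out to many MX
    hosts, while a user with a personal mail domain retries one server.
    """
    dests = {}
    for src, dst, dport in flows:
        if decide(src, dport) == ("drop", "unauthorized-smtp"):
            dests.setdefault(src, set()).add(dst)
    return sorted(s for s, d in dests.items() if len(d) >= threshold)

# Constructed flow records: (source, destination, destination port)
FLOWS = [
    ("192.0.2.10", "198.51.100.5", 25),    # authorized mail server
    ("10.20.1.44", "198.51.100.5", 25),    # client fanning out on port 25
    ("10.20.1.44", "198.51.100.9", 25),
    ("10.20.1.44", "203.0.113.7", 25),
    ("10.20.3.8", "203.0.113.20", 25),     # single destination: own mail domain
    ("10.20.3.8", "203.0.113.20", 443),
    ("10.20.5.2", "203.0.113.99", 445),    # outbound SMB, always dropped
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, decide(flow[0], flow[2]))
    print("investigate:", smtp_offenders(FLOWS))
```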