Educause Security Discussion mailing list archives
Re: Outbound SMTP
From: Mike Porter <mike () UDEL EDU>
Date: Mon, 28 Apr 2008 15:00:15 -0400
On Fri, 25 Apr 2008, Basgen, Brian wrote:
Joe,
officers. I mean dang it all, we build wonderful networks, and then we proceed to block the heck out of 'em to the point where application programmers can hardly use 'em! That just makes no sense.
Joe, you have a fair point, but you are making it a bit extreme. I would agree, in some contexts, when it comes to NAC, for example. Yet, the suggestion that blocking port 25 outbound is problematic for usability isn't very sustainable.
It is so tempting to say, when confronting any security risk, "block it." The role of the ISO is a lot more nuanced than this. This is a good example of the importance of an ISO in an institution, as opposed to a network security administrator, for example.
1) Even if you block port 25 traffic, the host is still infested
You are missing the forest for the trees. If you render the intent of an exploit useless, you've accomplished defense in-depth. We can't
The intent of the exploit is most likely multi-faceted. It can be used to send spam. It can be used to scan machines local to a subnet. It can be used to guess passwords. I'm convinced that laptops are loaded with Wireshark-type programs and sniffing for passwords. Any time we can get one of these machines to reveal itself, that's one less machine hiding where I can't easily see what it's up to.
maintain pristine networks. We *can* reduce risk and have sufficient depth such that a compromise will be mitigated by various layers.
Alternatively, you can monitor and when trip points are passed, you can disable the machine and force it to get cleaned. Blocking ports is sometimes necessary, but we have not found that to be the case with port 25. Microsoft ports (139 et al.) are, however, blocked.
Mike
~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Pima Community College
- Mike Porter PGP Fingerprint: F4 AE E1 9F 67 F7 DA EA 2F D2 37 F3 99 ED D1 C2
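The monitor-and-trip-point approach described in the message above, sketched as an added example that is not part of the original post or anyone's production code. The flow-record layout, the relay address, the window length and the threshold are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Assumed values, not taken from the thread.
AUTHORIZED_RELAYS = {"192.0.2.25"}  # campus relay that clients are expected to use
SMTP_PORT = 25
WINDOW_SECONDS = 300                # fixed (non-sliding) counting window
MAX_DISTINCT_PEERS = 5              # trip point: distinct direct SMTP peers per window

def parse_flow(line):
    """Parse one constructed flow record: 'epoch src_ip dst_ip dst_port'."""
    ts, src, dst, dport = line.split()
    return int(ts), src, dst, int(dport)

def hosts_over_trip_point(lines, exempt=frozenset()):
    """Map each host that passed the trip point to its worst per-window peer count.

    Only direct outbound port-25 connections that bypass the authorized relays
    are counted; hosts listed in `exempt` (e.g. known mail servers) are skipped.
    """
    peers = defaultdict(lambda: defaultdict(set))  # src -> window index -> {dst}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport = parse_flow(line)
        if dport != SMTP_PORT or dst in AUTHORIZED_RELAYS or src in exempt:
            continue
        peers[src][ts // WINDOW_SECONDS].add(dst)
    flagged = {}
    for src, windows in peers.items():
        worst = max(len(dsts) for dsts in windows.values())
        if worst > MAX_DISTINCT_PEERS:
            flagged[src] = worst
    return flagged

# Constructed sample flows (documentation address ranges), all in one window.
SAMPLE_FLOWS = (
    [f"1209400000 10.1.1.50 198.51.100.{i} 25" for i in range(1, 9)]     # 8 direct peers
    + ["1209400010 10.1.1.7 192.0.2.25 25"] * 20                          # via campus relay
    + ["1209400020 10.1.1.9 203.0.113.5 25",
       "1209400030 10.1.1.9 203.0.113.6 25"]                              # 2 direct peers
    + [f"1209400040 10.1.1.50 198.51.100.{i} 443" for i in range(20, 40)]  # not SMTP
)

if __name__ == "__main__":
    for host, count in sorted(hosts_over_trip_point(SAMPLE_FLOWS).items()):
        print(f"{host}: {count} distinct SMTP peers in one window -> quarantine and clean")
```

Counting distinct peers rather than raw connections keeps a client that talks to one or two outside mail servers below the trip point while a host fanning out to many destinations stands out.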