Educause Security Discussion mailing list archives
Re: Firewall Upgrade
From: randy <marchany () VT EDU>
Date: Fri, 14 Feb 2014 14:50:59 -0500
I know this is a silly question but from what I'm reading on this thread, we're talking about putting an SMTP block on ALL outbound email? I hope that's not the case because that doesn't make any sense. How do you distinguish between legit and bad outbound traffic?

IMHO, the only value a FW has these days is to block unsolicited inbound connections. Using a combo of devices like PA, FireEye (my favorite), Stonesoft, Snort, etc. in combo with subscribing to some sort of threat intelligence services (FireEye, SecureWorks, etc.) to monitor outbound traffic is more effective. SMTP servers are embedded in all sorts of devices ranging from printers, copiers and scanners.

Effective patch mgt solutions like BigFix etc. are proving to be more effective in halting malware infections that manage to make it past the IDS/IPS sensors. Yes, the malware got loaded on the target but it needs to exploit a hole in a software component and if that hole was patched effectively, the net result is the machine wasn't compromised.

Blocking the outbound communication to a controller is key. It's hard but the technology is getting better. Network Security Monitoring aka Continuous Monitoring of outbound traffic seems to be the more effective solution.

-Randy Marchany
VA Tech IT Security Office and Lab.