Re: Destiny Gaming

[Ian McDonald <iam () ST-ANDREWS AC UK>]

Why on earth they don't understand that 1 outbound port is all that is required for their traffic I'll never know.

Thanks

--
ian

Sent from my phone, please excuse brevity and misspelling.
________________________________
From: Cal Frye<mailto:cjf () CALFRYE COM>
Sent: ‎11/‎09/‎2014 17:18
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Destiny Gaming

It's still typical of the game industry. "Just open these multitude of ports and you'll be fine." The assumption seems 
to be the evil network administrators are trying to block your game play, so we'll not give specific information. The 
specifics would permit me to block their servers, yes, but also allow me to work around issues of firewalls or 
bandwidth management devices in a sane manner.

In the past, I would sometimes craft a specific permit class on our old Packetshaper to permit just the ports 
referenced and what I could find of the game servers, to avoid opening random ports or classifying them for a high 
quality of service based on port alone. I do hear Bungie is attempting to work with Procera, among others, to properly 
classify the game traffic, so maybe attitudes are changing at last. Could we hope this might be done before release in 
the future? I'm not holding my breath.

Best Regards,
-- Cal Frye, Network Administrator, Oberlin College
   Mudd Library, x.56930
   Be an Internet Skeptic! -- Hover your mouse over the links in emails, and see if the link matches where you think 
you want to go!

   www.calfrye.com<http://www.calfrye.com>,  www.oberlin.edu/cit/<http://www.oberlin.edu/cit/>

"We are the ones responsible to determine whether the war that our marines, soldiers and airmen are fighting in is 
worth the cause..." --Scott Ritter.


[cid:part1.05040808.03070006@calfrye.com]
Keller, Alex<mailto:axkeller () STANFORD EDU>
September 11, 2014 at 11:19 AM
Legitimacy and design/architecture aside, please note that of the thousands of ports that are specified in the Bugie 
documentation, "only" 3074 UDP and 35000-35099 TCP are required to open INBOUND. Unless you are actually performing 
egress filtering (most hi-ed institutions don't) then the majority of these ports are already open/available.

Best,
alex



Alex Keller
Information Technology
Stanford School of Engineering
axkeller () stanford edu<mailto:axkeller () stanford edu>
(650) 736-6421


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Self, 
Dennis
Sent: Thursday, September 11, 2014 7:33 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Destiny Gaming

A student has requested the opening of a large number of firewall ports (thousands) as referenced at the vendor site: 
http://www.bungie.net/en/Help/Article/11875.  We do not plan to open the ports.  I have never played the game.  The 
request raises concerns that the application has security design issues, and the company has brazen attitudes towards 
security in stating the ports should be opened.  Has anyone else dealt with this and developed an objective rationale?

Kind regards,

Dennis Self, CISSP
Director, IT Security & Compliance
Technology Services

205-726-2692 | office
DLSelf () Samford edu<mailto:DLSelf () Samford edu>
www.samford.edu<http://www.samford.edu>
800 Lakeshore Drive, Birmingham, AL 35229


 "Truth is not democratic." Dennis Self, 2013
[cid:part1.05040808.03070006@calfrye.com]
Self, Dennis<mailto:dlself () SAMFORD EDU>
September 11, 2014 at 10:32 AM
A student has requested the opening of a large number of firewall ports (thousands) as referenced at the vendor site: 
http://www.bungie.net/en/Help/Article/11875.  We do not plan to open the ports.  I have never played the game.  The 
request raises concerns that the application has security design issues, and the company has brazen attitudes towards 
security in stating the ports should be opened.  Has anyone else dealt with this and developed an objective rationale?

Kind regards,

Dennis Self, CISSP
Director, IT Security & Compliance
Technology Services

205-726-2692<tel:205-726-2692> | office
DLSelf () Samford edu<mailto:DLSelf () Samford edu>
www.samford.edu<http://www.samford.edu/>
800 Lakeshore Drive, Birmingham, AL 35229<http://maps.google.com/maps?q=800+Lakeshore+Drive,+Birmingham,+AL+35229,+US>
[Samford University Logo]

 ”Truth is not democratic.” Dennis Self, 2013