Educause Security Discussion mailing list archives

Re: Internet ingress port-blocking


From: Garrett Hildebrand <gdh () UCI EDU>
Date: Thu, 17 Aug 2017 09:21:14 -0700

We are reviewing the rulesets on our ingress routers from the Internet. I'd like to ask what general
ports/applications/services/etc are people blocking? I'm not talking about specific DDoS hosts/subnets or the like,
just general practice (e.g. blocking RFC 1918 addresses coming from the Internet).

We block all connections from off-campus by default. We have a
web-based Server Registration tool that allows people to open ports
on the border firewall for systems they are responsible for.

Here are the choices one gets in that tool:

*       This system does not need to be contacted from off campus. (No ports open.)

o       I am running Linux and want to use SSH to access my computer from off-campus. (Port 22 enabled.)

o       This system is a server. I run my own firewall or have taken other security precautions. (Warning, all ports will be open.)

o       I would like to specify which ports to open. (Advanced)

Garrett
-==-==-
G.D. Hildebrand              Senior IT Security Analyst
UC Irvine, OIT, 6137 Ayala Sci Lib., Irvine, 92697-1175
tel.: 949-824-8913                   email: gdh () uci edu
Created new page 15 December 2016
My URL is http://about.me/garretthildebrand
*Splunk - the Benihana of log-data slicing and dicing.*

Don't be a victim of phishing. Legitimate businesses don't ask you
to send sensitive information through insecure channels. Learn more:
http://er.educause.edu/blogs/2016/3/april-dont-get-hooked
Handle passwords wisely: http://www.bbc.com/news/technology-37510501

Today (Thu, 17 Aug 2017) at 15:53 -0000 Brian Helman wrote:

We are reviewing the rulesets on our ingress routers from the Internet. I'd like to ask what general
ports/applications/services/etc are people blocking? I'm not talking about specific DDoS hosts/subnets or the like,
just general practice (e.g. blocking RFC 1918 addresses coming from the Internet).

Thanks,
Brian

(x-posting to the NETMAN list as well)


____________________________________
Brian Helman, M.Ed |  Director, ITS/Networking Services | *: 978.542.7272
Salem State University, 352 Lafayette St., Salem Massachusetts 01970
GPS: 42.502129, -70.894779
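
The default-deny border with per-host registration described in the reply above, sketched as an added example (not part of the original thread and not UC Irvine's tool): it turns registration records into an nftables forward chain that also drops RFC 1918 sources. The use of nftables, the interface name `wan0`, the choice names and the 192.0.2.x sample hosts are all assumptions.

```python
import ipaddress

# RFC 1918 private ranges: never a legitimate source on the Internet side.
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
# Hypothetical names for the four choices the registration tool offers.
NONE, SSH, ALL, CUSTOM = "none", "ssh", "all", "custom"

def host_rules(addr, choice, ports=()):
    """Return the nftables accept rules for one registered host."""
    ip = ipaddress.IPv4Address(addr)   # ValueError on a malformed address
    if choice == NONE:
        return []                      # nothing to add: policy drop covers it
    if choice == ALL:
        return [f"ip daddr {ip} accept"]
    if choice == SSH:
        ports = [("tcp", 22)]
    elif choice != CUSTOM:
        raise ValueError(f"unknown choice {choice!r}")
    rules = []
    for proto, port in sorted(set(ports)):
        if proto not in ("tcp", "udp") or not 1 <= port <= 65535:
            raise ValueError(f"bad port {proto}/{port} for {ip}")
        rules.append(f"ip daddr {ip} {proto} dport {port} accept")
    return rules

def render(registrations, wan="wan0"):
    """Build a default-deny forward chain for traffic arriving on `wan`."""
    lines = [
        "table inet border {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        f'    iifname != "{wan}" accept',  # campus-originated traffic passes
        f"    ip saddr {{ {', '.join(RFC1918)} }} drop",
        "    ct state established,related accept",
    ]
    for reg in registrations:
        lines += ["    " + rule for rule in host_rules(*reg)]
    return "\n".join(lines + ["  }", "}"])

# Constructed sample registrations (documentation addresses, one per choice).
SAMPLE = [
    ("192.0.2.10", NONE),
    ("192.0.2.11", SSH),
    ("192.0.2.12", ALL),
    ("192.0.2.13", CUSTOM, [("tcp", 443), ("udp", 53)]),
]

if __name__ == "__main__":
    print(render(SAMPLE))
```

The RFC 1918 drop sits ahead of the established-state accept so a spoofed private source is rejected regardless of connection state.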



