Educause Security Discussion mailing list archives
Re: Internet ingress port-blocking
From: Brian Helman <bhelman () SALEMSTATE EDU>
Date: Thu, 17 Aug 2017 17:50:53 +0000
Sure, that's Security 101, but I'm looking to understand the generic ruleset for traffic that shouldn't enter anyone's network .. not mine specifically. Again, e.g., blocking RFC 1918 addresses. I'm not looking to secure my services at this point, that is done elsewhere on my network. At this point of access, I'm looking to control unwanted/generally malicious traffic.

Thanks,
Brian

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Velislav K Pavlov
Sent: Thursday, August 17, 2017 12:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Internet ingress port-blocking

Map your external attack surface. Figure out what is visible (asset, header, service/port). Break out the visible assets by what you (IT/Sec) manage and don't manage. Start with cleaning up what you manage and have control over. Move to what you don't manage. Communicate with the appropriate parties and make them part of the solution. Show them reports and your findings. Maybe users/admins don't know what is exposed and visible. Limiting your attack surface will reduce the network noise. Once you cleaned up, G.D. registration process is a neat way to be proactive.

Vel Pavlov | Coordinator, IT Security
M.Sc. ISM, CISSP, C|HFI, C|EH, C)PTE, Security+, CNA, MPCS, ITILv3F, A+

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Garrett Hildebrand
Sent: Thursday, August 17, 2017 12:21 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Internet ingress port-blocking
> We are reviewing the rulesets on our ingress routers from the Internet. I'd like to ask what general ports/applications/services/etc are people blocking? I'm not talking about specific DDoS hosts/subnets or the like, just general practice (e.g., blocking RFC 1918 addresses coming from the Internet).
We block all connections from off-campus by default. We have a web-based Server Registration tool that allows people to open ports on the border firewall for systems they are responsible for. Here are the choices one gets in that tool:

* This system does not need to be contacted from off campus. (No ports open.)
o I am running Linux and want to use SSH to access my computer from off-campus. (Port 22 enabled.)
o This system is a server. I run my own firewall or have taken other security precautions. (Warning, all ports will be open.)
o I would like to specify which ports to open. (Advanced)

Garrett
-==-==-
G.D. Hildebrand
Senior IT Security Analyst
UC Irvine, OIT, 6137 Ayala Sci Lib., Irvine, 92697-1175
tel.: 949-824-8913
email: gdh () uci edu

Created new page 15 December 2016

Don't be a victim of phishing. Legitimate businesses don't ask you to send sensitive information through insecure channels. Learn more: http://er.educause.edu/blogs/2016/3/april-dont-get-hooked
Handle passwords wisely: http://www.bbc.com/news/technology-37510501

Today (Thu, 17 Aug 2017) at 15:53 -0000 Brian Helman wrote:
> We are reviewing the rulesets on our ingress routers from the Internet. I'd like to ask what general ports/applications/services/etc are people blocking? I'm not talking about specific DDoS hosts/subnets or the like, just general practice (e.g., blocking RFC 1918 addresses coming from the Internet).
>
> Thanks,
> Brian
>
> (x-posting to the NETMAN list as well)
>
> ____________________________________
> Brian Helman, M.Ed | Director, ITS/Networking Services | *: 978.542.7272
> Salem State University, 352 Lafayette St., Salem Massachusetts 01970
> GPS: 42.502129, -70.894779
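
Added example, not part of the original thread or any poster's tooling: a small model of the two layers discussed above, a generic drop of RFC 1918 source addresses at the Internet edge followed by default-deny with per-host registered ports. The registration table, host addresses (documentation ranges) and reason strings are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges: never a legitimate source on the Internet-facing side.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical registration table modelled on the four tool choices quoted
# in the thread. Campus addresses are constructed (documentation range).
ALL_PORTS = "all"
REGISTRATIONS = {
    "198.51.100.10": set(),       # does not need to be contacted from off campus
    "198.51.100.20": {22},        # Linux host, SSH only
    "198.51.100.30": ALL_PORTS,   # self-managed server, all ports open
    "198.51.100.40": {80, 443},   # advanced: specific ports
}


def ingress_decision(src, dst, dport):
    """Return (action, reason) for a packet arriving from the Internet."""
    src_ip = ipaddress.ip_address(src)
    # Layer 1: generic filter, applied before any per-host rule, so even an
    # "all ports open" host never sees private-source traffic from outside.
    if any(src_ip in net for net in RFC1918):
        return ("drop", "rfc1918-source")
    # Layer 2: default deny; only registered host/port pairs are permitted.
    allowed = REGISTRATIONS.get(dst)
    if allowed is None:
        return ("drop", "default-deny-unregistered")
    if allowed == ALL_PORTS or dport in allowed:
        return ("permit", "registered-port")
    return ("drop", "default-deny-port")


# Constructed sample traffic: (source, destination, destination port).
SAMPLE = [
    ("10.1.2.3", "198.51.100.30", 443),       # private source to open server
    ("172.31.255.254", "198.51.100.20", 22),  # last address inside 172.16/12
    ("172.32.0.1", "198.51.100.20", 22),      # just outside 172.16/12
    ("203.0.113.5", "198.51.100.10", 22),     # host registered with no ports
    ("203.0.113.5", "198.51.100.99", 80),     # host never registered
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt, "->", ingress_decision(*pkt))
```
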
Current thread:
- Internet ingress port-blocking Brian Helman (Aug 17)
- Re: Internet ingress port-blocking Garrett Hildebrand (Aug 17)
- Re: Internet ingress port-blocking Velislav K Pavlov (Aug 17)
- Re: Internet ingress port-blocking Brian Helman (Aug 17)
- Re: Internet ingress port-blocking Andy Hooper (Aug 18)
- Re: Internet ingress port-blocking Velislav K Pavlov (Aug 17)
- Re: Internet ingress port-blocking Brian Helman (Aug 17)
- Message not available
- Re: Internet ingress port-blocking John Kristoff (Aug 17)
- Re: Internet ingress port-blocking Garrett Hildebrand (Aug 17)
- <Possible follow-ups>
- Re: Internet ingress port-blocking Joseph Tam (Aug 18)