Re: Another Try - More restrictive access to destination ports

[Frank Barton <bartonf () HUSSON EDU>]

Brian - the big problem that we've seen with that is that most P2P systems
jump all over the place using tons of different ports.
On our student network we do some L7 filtering (using the built-in
detections on the Sophos XG firewalls) - but even that has issues,
including false positives, and encryption letting some stuff through. We
did end up having to put in allow-list entries for blizzard games, and some
other things also.

On Tue, Feb 23, 2021 at 9:08 AM Brian Amstutz <
brian.amstutz () asburyseminary edu> wrote:

> What about peer to peer (P2P) ports? Ours is currently blocked due to
> security concerns but we have a request to allow it so that student(s) can
> practice competitive Nintendo Smash :/
>
> Brian
> --
> Brian Amstutz
> Director of Administrative Technology
> Library, Information, and Technology Services
> Asbury Theological Seminary
>
>
> On Tue, Feb 23, 2021 at 8:58 AM Frank Barton <bartonf () husson edu> wrote:
>
> > We have a list of ports that are just flat-out-denied
> > Mostly SMB/NETBIOS stuff
> >
> > That said, DNS will be being added to that list eventually (with some
> > exceptions)
> >
> > I can't think of a good reason to block outbound NTP requests - or FTP.
> >
> > Frank
> >
> > On Tue, Feb 23, 2021 at 8:54 AM Nadim El-Khoury <
> > nel-khoury () springfield edu> wrote:
> >
> > > Hi Everyone,
> > >
> > > I do apologize for bringing this subject back up again.
> > >
> > > Do you block outgoing traffic to ports like 53, 123, FTP, and so forth?
> > >
> > > Best,
> > >
> > > Nadim El-Khoury
> > > Director of Networks, Systems, Infrastructure, and Information Security
> > > Officer
> > > Springfield College
> > > 263 Alden Street
> > > Springfield, MA, 01109
> > > E-mail: nel-khoury () springfield edu
> > >
> > > On Thu, Jan 21, 2021 at 7:32 PM Nadim El-Khoury <
> > > nel-khoury () springfield edu> wrote:
> > >
> > > > Hi Everyone,
> > > >
> > > > I sincerely do apologize if this topic was discussed in the past. I
> > > > searched the Educause Security listserv archive, and the topic did not come
> > > > up.
> > > >
> > > > We are considering creating more restrictive access rules to
> > > > destination ports on our firewall.
> > > >
> > > > Has anyone implemented such rules? Did you announce it, and did you get
> > > > any push back?
> > > >
> > > > Your comments, inputs, and advice are greatly appreciated.
> > > >
> > > > Best,
> > > >
> > > > Nadim El-Khoury
> > > > Director of Networks, Systems, Infrastructure, and Information Security
> > > > Officer
> > > > Springfield College
> > > > 263 Alden Street
> > > > Springfield, MA, 01109
> > > > E-mail: nel-khoury () springfield edu
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > **********
> > > Replies to EDUCAUSE Community Group emails are sent to the entire
> > > community list. If you want to reply only to the person who sent the
> > > message, copy and paste their email address and forward the email reply.
> > > Additional participation and subscription information can be found at
> > > https://www.educause.edu/community
> >
> >
> > --
> > Frank Barton, MBA
> > Security+, ACMT, MCP
> > IT Systems Administrator
> > Husson University
> > PGP Key Fingerprint: 0249DC644EC78D2F6B5CD2C6C94D3EDB57946437
> >
> > **********
> > Replies to EDUCAUSE Community Group emails are sent to the entire
> > community list. If you want to reply only to the person who sent the
> > message, copy and paste their email address and forward the email reply.
> > Additional participation and subscription information can be found at
> > https://www.educause.edu/community
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community


-- 
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University
PGP Key Fingerprint: 0249DC644EC78D2F6B5CD2C6C94D3EDB57946437

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community