Educause Security Discussion mailing list archives
Re: Another Try - More restrictive access to destination ports
From: Brian Amstutz <brian.amstutz () ASBURYSEMINARY EDU>
Date: Tue, 23 Feb 2021 09:53:18 -0500
Thanks for that info Frank!

Brian

On Tue, Feb 23, 2021 at 9:31 AM Frank Barton <bartonf () husson edu> wrote:

Brian - the big problem that we've seen with that is that most P2P systems jump all over the place using tons of different ports. On our student network we do some L7 filtering (using the built-in detections on the Sophos XG firewalls) - but even that has issues, including false positives, and encryption letting some stuff through.

We did end up having to put in allow-list entries for Blizzard games, and some other things also.

On Tue, Feb 23, 2021 at 9:08 AM Brian Amstutz <brian.amstutz () asburyseminary edu> wrote:

What about peer to peer (P2P) ports? Ours is currently blocked due to security concerns but we have a request to allow it so that student(s) can practice competitive Nintendo Smash :/

Brian

--
Brian Amstutz
Director of Administrative Technology
Library, Information, and Technology Services
Asbury Theological Seminary

On Tue, Feb 23, 2021 at 8:58 AM Frank Barton <bartonf () husson edu> wrote:

We have a list of ports that are just flat-out-denied
Mostly SMB/NETBIOS stuff

That said, DNS will be being added to that list eventually (with some exceptions)

I can't think of a good reason to block outbound NTP requests - or FTP.

Frank

On Tue, Feb 23, 2021 at 8:54 AM Nadim El-Khoury <nel-khoury () springfield edu> wrote:

Hi Everyone,

I do apologize for bringing this subject back up again. Do you block outgoing traffic to ports like 53, 123, FTP, and so forth?

Best,

Nadim El-Khoury
Director of Networks, Systems, Infrastructure, and Information Security Officer
Springfield College
263 Alden Street
Springfield, MA, 01109
E-mail: nel-khoury () springfield edu

On Thu, Jan 21, 2021 at 7:32 PM Nadim El-Khoury <nel-khoury () springfield edu> wrote:

Hi Everyone,

I sincerely do apologize if this topic was discussed in the past. I searched the Educause Security listserv archive, and the topic did not come up.

We are considering creating more restrictive access rules to destination ports on our firewall. Has anyone implemented such rules? Did you announce it, and did you get any push back?

Your comments, inputs, and advice are greatly appreciated.

Best,

Nadim El-Khoury
Director of Networks, Systems, Infrastructure, and Information Security Officer
Springfield College
263 Alden Street
Springfield, MA, 01109
E-mail: nel-khoury () springfield edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community

--
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University
PGP Key Fingerprint: 0249DC644EC78D2F6B5CD2C6C94D3EDB57946437