Firewall Wizards mailing list archives

Re: Code Red: What security specialist don't mention in warnings


From: Nate Campi <nate () campi cc>
Date: Sat, 4 Aug 2001 12:55:19 -0700

On Thu, Aug 02, 2001 at 08:38:07PM -0400, mark.wiater () alexus com wrote:
> Excellent point Frank. No web server should ever have to generate a
> connection outside the local network.

Not true in our shop. Our web front-ends on one of the two news sites I
maintain have to connect outbound to several external services for
different content.

Of course this doesn't mean we allow all outbound connections. All
outbound connections are denied by default, and when building out the
architecture for a service such as this, we have the netops guys/gals
set up ACLs to allow only the outbound connections we need.

My point is that even when outbound connections are necessary, you can
still reduce your risk, as we have.
-- 
        Nate
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
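
The default-deny egress policy described in the message above, as an added example that is not part of the original post: a first-match ACL evaluator run over constructed outbound connection attempts. The subnet, destination addresses and ports are assumptions chosen from documentation ranges, not values from the thread.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    dport: Optional[int]   # destination TCP port; None matches any port

# All addresses are constructed (RFC 5737 documentation ranges).
WEB_TIER = "192.0.2.0/28"  # assumed subnet holding the web front-ends
EGRESS_ACL = [
    Rule("permit", WEB_TIER, "198.51.100.10/32", 80),   # hypothetical content feed
    Rule("permit", WEB_TIER, "198.51.100.20/32", 443),  # hypothetical second feed
]

def evaluate(acl, src, dst, dport):
    """First-match evaluation; returns (action, index of matching rule or None)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, rule in enumerate(acl):
        if (s in ipaddress.ip_network(rule.src)
                and d in ipaddress.ip_network(rule.dst)
                and rule.dport in (None, dport)):
            return rule.action, i
    return "deny", None  # nothing matched: default deny

def denied(acl, flows):
    """Flows the ACL would drop; from a web tier these are worth logging and alerting on."""
    return [f for f in flows if evaluate(acl, *f)[0] == "deny"]

# Constructed outbound connection attempts: (source, destination, TCP port).
FLOWS = [
    ("192.0.2.5", "198.51.100.10", 80),    # approved feed
    ("192.0.2.5", "198.51.100.20", 443),   # approved feed
    ("192.0.2.5", "198.51.100.10", 443),   # approved host, unapproved port
    ("192.0.2.6", "203.0.113.77", 80),     # arbitrary external web server
    ("192.0.2.40", "198.51.100.10", 80),   # source outside the web tier
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", evaluate(EGRESS_ACL, *flow)[0])
```
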

