Firewall Wizards mailing list archives
Re: outbound traffic security risk
From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 23 Mar 2004 09:03:49 -0500 (EST)
On Tue, 23 Mar 2004, Hilal Hussein wrote:
Dear List, I would like to ask about the risk of opening outbound port traffics in the firewall.
Traffic should be allowed or disallowed by policy, not by whim. What ports and protocols are necessary for the business to run efficiently? What's the associated risk with each protocol, common applications, and users for each of those? Which ones will the business accept the risk for? Looking at it any other way is backwards and bad.
currently, i am opening the outbound ports traffic based on the user request, as pop3, and smtp traffics. I red about some risk that could be in some kind of outbound traffics which might pass java scripts, or trojan horses, or other kind of attacks during the opened session from users (inside the network) to the outbound.
Allowing external mail is pretty risky, especially if you don't have control over browser versions, controls, etc. Also, most trojaned machines "phone home" outwards, instead of taking connections inbound these days. Blocking outbound traffic means that those systems can't be controlled.
so please, i need to know of any risk that could come with some kind of outbound traffics, and if there is a good link for resources about the latest news of vulnerabilities of such outbound traffics.
Risk comes from connectivity. The more connectivity, the more risk. Firewalls reduce risk by controlling and limiting connectivity. The more you limit, the less risk you accept. The more you allow, the less value you get from the firewall, until a point where you get none. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- outbound traffic security risk Hilal Hussein (Mar 23)
- Re: outbound traffic security risk Paul D. Robertson (Mar 23)
- Re: outbound traffic security risk Holger Kipp (Mar 23)
- Re: outbound traffic security risk Don Kendrick (Mar 23)
- Re: outbound traffic security risk Don Kendrick (Mar 24)
- <Possible follow-ups>
- Re: outbound traffic security risk Mitchell Rowton (Mar 23)
- Re: outbound traffic security risk Devdas Bhagat (Mar 23)
- Re: outbound traffic security risk Mitchell Rowton (Mar 24)
- Re: outbound traffic security risk Devdas Bhagat (Mar 24)